Edit tour

Windows Analysis Report
mzQcZawXvh.exe

Overview

General Information

Sample Name:	mzQcZawXvh.exe
Analysis ID:	589699
MD5:	514837c22746ae83fad96926ad2ddf83
SHA1:	e23e87f578c20f743ca1460d5e744c10b629cc16
SHA256:	beced991de014438e5a42627fd44721a06fd4fa67b8a58319fc00eb6316169a1
Tags:	BitRATexeRAT
Infos:

Detection

BitRAT

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Yara detected BitRAT

Multi AV Scanner detection for submitted file

Malicious sample detected (through community Yara rule)

Antivirus detection for URL or domain

Hides threads from debuggers

Machine Learning detection for sample

Injects a PE file into a foreign processes

Contains functionality to hide a thread from the debugger

C2 URLs / IPs found in malware configuration

Possible FUD Crypter (malicious underground PE packer) detected

Uses dynamic DNS services

Uses 32bit PE files

Yara signature match

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to query locales information (e.g. system language)

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

Found evasive API chain (date check)

Sleep loop found (likely to delay execution)

Internet Provider seen in connection with other malware

Detected potential crypto function

Contains functionality to query CPU information (cpuid)

Found potential string decryption / allocating functions

Found evasive API chain (may stop execution after checking a module file name)

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to call native functions

Contains functionality to communicate with device drivers

Contains functionality to dynamically determine API calls

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

PE file contains strange resources

Contains functionality to read the PEB

Detected TCP or UDP traffic on non-standard ports

Installs a global mouse hook

Found large amount of non-executed APIs

Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

System is w10x64

mzQcZawXvh.exe (PID: 5872 cmdline: "C:\Users\user\Desktop\mzQcZawXvh.exe" MD5: 514837C22746AE83FAD96926AD2DDF83)

mzQcZawXvh.exe (PID: 5012 cmdline: "C:\Users\user\Desktop\mzQcZawXvh.exe" MD5: 514837C22746AE83FAD96926AD2DDF83)

cleanup

Malware Configuration

Threatname: BitRat

{"Host": "toopdyno2.duckdns.org", "Port": "55140", "Tor Port": "0", "Install Dir": "0", "Install File": "0", "Communication Password": "3cd2623273605167e72c665ad9347c60", "Tor Process Name": "tor"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000001.00000000.252764032.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_BitRAT	Yara detected BitRAT	Joe Security
00000001.00000000.252764032.0000000000400000.00000040.00000400.00020000.00000000.sdmp	MALWARE_Win_BitRAT	Detects BitRAT RAT	ditekSHen	0x33bbf0:$s1: \plg\ 0x33bd70:$s3: files_delete 0x33a9bc:$s9: ddos_stop 0x33bbd0:$s10: socks5_srv_start 0x33bdb8:$s16: klg\| 0x33a9ec:$s17: Slowloris 0x33bc60:$s18: Bot ID: 0x33c198:$t1: <sz>N/A</sz>
00000001.00000000.251383367.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_BitRAT	Yara detected BitRAT	Joe Security
00000001.00000000.251383367.0000000000400000.00000040.00000400.00020000.00000000.sdmp	MALWARE_Win_BitRAT	Detects BitRAT RAT	ditekSHen	0x33bbf0:$s1: \plg\ 0x33bd70:$s3: files_delete 0x33a9bc:$s9: ddos_stop 0x33bbd0:$s10: socks5_srv_start 0x33bdb8:$s16: klg\| 0x33a9ec:$s17: Slowloris 0x33bc60:$s18: Bot ID: 0x33c198:$t1: <sz>N/A</sz>
00000001.00000000.246514986.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_BitRAT	Yara detected BitRAT	Joe Security
00000001.00000000.246514986.0000000000400000.00000040.00000400.00020000.00000000.sdmp	MALWARE_Win_BitRAT	Detects BitRAT RAT	ditekSHen	0x33bbf0:$s1: \plg\ 0x33bd70:$s3: files_delete 0x33a9bc:$s9: ddos_stop 0x33bbd0:$s10: socks5_srv_start 0x33bdb8:$s16: klg\| 0x33a9ec:$s17: Slowloris 0x33bc60:$s18: Bot ID: 0x33c198:$t1: <sz>N/A</sz>
00000001.00000000.247549851.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_BitRAT	Yara detected BitRAT	Joe Security
00000001.00000000.247549851.0000000000400000.00000040.00000400.00020000.00000000.sdmp	MALWARE_Win_BitRAT	Detects BitRAT RAT	ditekSHen	0x33bbf0:$s1: \plg\ 0x33bd70:$s3: files_delete 0x33a9bc:$s9: ddos_stop 0x33bbd0:$s10: socks5_srv_start 0x33bdb8:$s16: klg\| 0x33a9ec:$s17: Slowloris 0x33bc60:$s18: Bot ID: 0x33c198:$t1: <sz>N/A</sz>
00000001.00000000.245538304.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_BitRAT	Yara detected BitRAT	Joe Security
00000001.00000000.249134372.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_BitRAT	Yara detected BitRAT	Joe Security
00000001.00000000.249134372.0000000000400000.00000040.00000400.00020000.00000000.sdmp	MALWARE_Win_BitRAT	Detects BitRAT RAT	ditekSHen	0x33bbf0:$s1: \plg\ 0x33bd70:$s3: files_delete 0x33a9bc:$s9: ddos_stop 0x33bbd0:$s10: socks5_srv_start 0x33bdb8:$s16: klg\| 0x33a9ec:$s17: Slowloris 0x33bc60:$s18: Bot ID: 0x33c198:$t1: <sz>N/A</sz>
00000001.00000000.253448623.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_BitRAT	Yara detected BitRAT	Joe Security
00000001.00000000.253448623.0000000000400000.00000040.00000400.00020000.00000000.sdmp	MALWARE_Win_BitRAT	Detects BitRAT RAT	ditekSHen	0x33bbf0:$s1: \plg\ 0x33bd70:$s3: files_delete 0x33a9bc:$s9: ddos_stop 0x33bbd0:$s10: socks5_srv_start 0x33bdb8:$s16: klg\| 0x33a9ec:$s17: Slowloris 0x33bc60:$s18: Bot ID: 0x33c198:$t1: <sz>N/A</sz>
00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_BitRAT	Yara detected BitRAT	Joe Security
00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp	MALWARE_Win_BitRAT	Detects BitRAT RAT	ditekSHen	0x33bbf0:$s1: \plg\ 0x33bd70:$s3: files_delete 0x33a9bc:$s9: ddos_stop 0x33bbd0:$s10: socks5_srv_start 0x33bdb8:$s16: klg\| 0x33a9ec:$s17: Slowloris 0x33bc60:$s18: Bot ID: 0x33c198:$t1: <sz>N/A</sz>
00000000.00000002.257225352.00000000024E0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_BitRAT	Yara detected BitRAT	Joe Security
Process Memory Space: mzQcZawXvh.exe PID: 5872	JoeSecurity_BitRAT	Yara detected BitRAT	Joe Security
Process Memory Space: mzQcZawXvh.exe PID: 5012	JoeSecurity_BitRAT	Yara detected BitRAT	Joe Security
Click to see the 13 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
1.0.mzQcZawXvh.exe.400000.5.raw.unpack	JoeSecurity_BitRAT	Yara detected BitRAT	Joe Security
1.0.mzQcZawXvh.exe.400000.3.unpack	JoeSecurity_BitRAT	Yara detected BitRAT	Joe Security
1.0.mzQcZawXvh.exe.400000.0.unpack	JoeSecurity_BitRAT	Yara detected BitRAT	Joe Security
1.0.mzQcZawXvh.exe.400000.1.unpack	JoeSecurity_BitRAT	Yara detected BitRAT	Joe Security
1.0.mzQcZawXvh.exe.400000.2.unpack	JoeSecurity_BitRAT	Yara detected BitRAT	Joe Security
1.0.mzQcZawXvh.exe.400000.10.raw.unpack	JoeSecurity_BitRAT	Yara detected BitRAT	Joe Security
1.0.mzQcZawXvh.exe.400000.10.raw.unpack	MALWARE_Win_BitRAT	Detects BitRAT RAT	ditekSHen	0x33bbf0:$s1: \plg\ 0x33bd70:$s3: files_delete 0x33a9bc:$s9: ddos_stop 0x33bbd0:$s10: socks5_srv_start 0x33bdb8:$s16: klg\| 0x33a9ec:$s17: Slowloris 0x33bc60:$s18: Bot ID: 0x33c198:$t1: <sz>N/A</sz>
1.0.mzQcZawXvh.exe.400000.11.raw.unpack	JoeSecurity_BitRAT	Yara detected BitRAT	Joe Security
1.0.mzQcZawXvh.exe.400000.11.raw.unpack	MALWARE_Win_BitRAT	Detects BitRAT RAT	ditekSHen	0x33bbf0:$s1: \plg\ 0x33bd70:$s3: files_delete 0x33a9bc:$s9: ddos_stop 0x33bbd0:$s10: socks5_srv_start 0x33bdb8:$s16: klg\| 0x33a9ec:$s17: Slowloris 0x33bc60:$s18: Bot ID: 0x33c198:$t1: <sz>N/A</sz>
1.0.mzQcZawXvh.exe.400000.9.raw.unpack	JoeSecurity_BitRAT	Yara detected BitRAT	Joe Security
1.0.mzQcZawXvh.exe.400000.9.raw.unpack	MALWARE_Win_BitRAT	Detects BitRAT RAT	ditekSHen	0x33bbf0:$s1: \plg\ 0x33bd70:$s3: files_delete 0x33a9bc:$s9: ddos_stop 0x33bbd0:$s10: socks5_srv_start 0x33bdb8:$s16: klg\| 0x33a9ec:$s17: Slowloris 0x33bc60:$s18: Bot ID: 0x33c198:$t1: <sz>N/A</sz>
1.0.mzQcZawXvh.exe.400000.4.unpack	JoeSecurity_BitRAT	Yara detected BitRAT	Joe Security
1.0.mzQcZawXvh.exe.400000.4.unpack	MALWARE_Win_BitRAT	Detects BitRAT RAT	ditekSHen	0x33abf0:$s1: \plg\ 0x33ad70:$s3: files_delete 0x3399bc:$s9: ddos_stop 0x33abd0:$s10: socks5_srv_start 0x33adb8:$s16: klg\| 0x3399ec:$s17: Slowloris 0x33ac60:$s18: Bot ID: 0x33b198:$t1: <sz>N/A</sz>
1.0.mzQcZawXvh.exe.400000.7.unpack	JoeSecurity_BitRAT	Yara detected BitRAT	Joe Security
1.0.mzQcZawXvh.exe.400000.7.unpack	MALWARE_Win_BitRAT	Detects BitRAT RAT	ditekSHen	0x33abf0:$s1: \plg\ 0x33ad70:$s3: files_delete 0x3399bc:$s9: ddos_stop 0x33abd0:$s10: socks5_srv_start 0x33adb8:$s16: klg\| 0x3399ec:$s17: Slowloris 0x33ac60:$s18: Bot ID: 0x33b198:$t1: <sz>N/A</sz>
1.0.mzQcZawXvh.exe.400000.5.unpack	JoeSecurity_BitRAT	Yara detected BitRAT	Joe Security
1.0.mzQcZawXvh.exe.400000.5.unpack	MALWARE_Win_BitRAT	Detects BitRAT RAT	ditekSHen	0x33abf0:$s1: \plg\ 0x33ad70:$s3: files_delete 0x3399bc:$s9: ddos_stop 0x33abd0:$s10: socks5_srv_start 0x33adb8:$s16: klg\| 0x3399ec:$s17: Slowloris 0x33ac60:$s18: Bot ID: 0x33b198:$t1: <sz>N/A</sz>
1.2.mzQcZawXvh.exe.400000.0.unpack	JoeSecurity_BitRAT	Yara detected BitRAT	Joe Security
1.2.mzQcZawXvh.exe.400000.0.unpack	MALWARE_Win_BitRAT	Detects BitRAT RAT	ditekSHen	0x33abf0:$s1: \plg\ 0x33ad70:$s3: files_delete 0x3399bc:$s9: ddos_stop 0x33abd0:$s10: socks5_srv_start 0x33adb8:$s16: klg\| 0x3399ec:$s17: Slowloris 0x33ac60:$s18: Bot ID: 0x33b198:$t1: <sz>N/A</sz>
1.0.mzQcZawXvh.exe.400000.8.raw.unpack	JoeSecurity_BitRAT	Yara detected BitRAT	Joe Security
1.0.mzQcZawXvh.exe.400000.8.raw.unpack	MALWARE_Win_BitRAT	Detects BitRAT RAT	ditekSHen	0x33bbf0:$s1: \plg\ 0x33bd70:$s3: files_delete 0x33a9bc:$s9: ddos_stop 0x33bbd0:$s10: socks5_srv_start 0x33bdb8:$s16: klg\| 0x33a9ec:$s17: Slowloris 0x33bc60:$s18: Bot ID: 0x33c198:$t1: <sz>N/A</sz>
1.2.mzQcZawXvh.exe.400000.0.raw.unpack	JoeSecurity_BitRAT	Yara detected BitRAT	Joe Security
1.2.mzQcZawXvh.exe.400000.0.raw.unpack	MALWARE_Win_BitRAT	Detects BitRAT RAT	ditekSHen	0x33bbf0:$s1: \plg\ 0x33bd70:$s3: files_delete 0x33a9bc:$s9: ddos_stop 0x33bbd0:$s10: socks5_srv_start 0x33bdb8:$s16: klg\| 0x33a9ec:$s17: Slowloris 0x33bc60:$s18: Bot ID: 0x33c198:$t1: <sz>N/A</sz>
1.0.mzQcZawXvh.exe.400000.6.unpack	JoeSecurity_BitRAT	Yara detected BitRAT	Joe Security
1.0.mzQcZawXvh.exe.400000.6.unpack	MALWARE_Win_BitRAT	Detects BitRAT RAT	ditekSHen	0x33abf0:$s1: \plg\ 0x33ad70:$s3: files_delete 0x3399bc:$s9: ddos_stop 0x33abd0:$s10: socks5_srv_start 0x33adb8:$s16: klg\| 0x3399ec:$s17: Slowloris 0x33ac60:$s18: Bot ID: 0x33b198:$t1: <sz>N/A</sz>
1.0.mzQcZawXvh.exe.400000.10.unpack	JoeSecurity_BitRAT	Yara detected BitRAT	Joe Security
1.0.mzQcZawXvh.exe.400000.10.unpack	MALWARE_Win_BitRAT	Detects BitRAT RAT	ditekSHen	0x33abf0:$s1: \plg\ 0x33ad70:$s3: files_delete 0x3399bc:$s9: ddos_stop 0x33abd0:$s10: socks5_srv_start 0x33adb8:$s16: klg\| 0x3399ec:$s17: Slowloris 0x33ac60:$s18: Bot ID: 0x33b198:$t1: <sz>N/A</sz>
1.0.mzQcZawXvh.exe.400000.6.raw.unpack	JoeSecurity_BitRAT	Yara detected BitRAT	Joe Security
1.0.mzQcZawXvh.exe.400000.6.raw.unpack	MALWARE_Win_BitRAT	Detects BitRAT RAT	ditekSHen	0x33bbf0:$s1: \plg\ 0x33bd70:$s3: files_delete 0x33a9bc:$s9: ddos_stop 0x33bbd0:$s10: socks5_srv_start 0x33bdb8:$s16: klg\| 0x33a9ec:$s17: Slowloris 0x33bc60:$s18: Bot ID: 0x33c198:$t1: <sz>N/A</sz>
0.2.mzQcZawXvh.exe.24e15a0.1.unpack	JoeSecurity_BitRAT	Yara detected BitRAT	Joe Security
0.2.mzQcZawXvh.exe.24e15a0.1.unpack	MALWARE_Win_BitRAT	Detects BitRAT RAT	ditekSHen	0x339bf0:$s1: \plg\ 0x339d70:$s3: files_delete 0x3389bc:$s9: ddos_stop 0x339bd0:$s10: socks5_srv_start 0x339db8:$s16: klg\| 0x3389ec:$s17: Slowloris 0x339c60:$s18: Bot ID: 0x33a198:$t1: <sz>N/A</sz>
1.0.mzQcZawXvh.exe.400000.8.unpack	JoeSecurity_BitRAT	Yara detected BitRAT	Joe Security
1.0.mzQcZawXvh.exe.400000.8.unpack	MALWARE_Win_BitRAT	Detects BitRAT RAT	ditekSHen	0x33abf0:$s1: \plg\ 0x33ad70:$s3: files_delete 0x3399bc:$s9: ddos_stop 0x33abd0:$s10: socks5_srv_start 0x33adb8:$s16: klg\| 0x3399ec:$s17: Slowloris 0x33ac60:$s18: Bot ID: 0x33b198:$t1: <sz>N/A</sz>
0.2.mzQcZawXvh.exe.24e15a0.1.raw.unpack	JoeSecurity_BitRAT	Yara detected BitRAT	Joe Security
0.2.mzQcZawXvh.exe.24e15a0.1.raw.unpack	MALWARE_Win_BitRAT	Detects BitRAT RAT	ditekSHen	0x33abf0:$s1: \plg\ 0x33ad70:$s3: files_delete 0x3399bc:$s9: ddos_stop 0x33abd0:$s10: socks5_srv_start 0x33adb8:$s16: klg\| 0x3399ec:$s17: Slowloris 0x33ac60:$s18: Bot ID: 0x33b198:$t1: <sz>N/A</sz>
1.0.mzQcZawXvh.exe.400000.11.unpack	JoeSecurity_BitRAT	Yara detected BitRAT	Joe Security
1.0.mzQcZawXvh.exe.400000.11.unpack	MALWARE_Win_BitRAT	Detects BitRAT RAT	ditekSHen	0x33abf0:$s1: \plg\ 0x33ad70:$s3: files_delete 0x3399bc:$s9: ddos_stop 0x33abd0:$s10: socks5_srv_start 0x33adb8:$s16: klg\| 0x3399ec:$s17: Slowloris 0x33ac60:$s18: Bot ID: 0x33b198:$t1: <sz>N/A</sz>
1.0.mzQcZawXvh.exe.400000.7.raw.unpack	JoeSecurity_BitRAT	Yara detected BitRAT	Joe Security
1.0.mzQcZawXvh.exe.400000.7.raw.unpack	MALWARE_Win_BitRAT	Detects BitRAT RAT	ditekSHen	0x33bbf0:$s1: \plg\ 0x33bd70:$s3: files_delete 0x33a9bc:$s9: ddos_stop 0x33bbd0:$s10: socks5_srv_start 0x33bdb8:$s16: klg\| 0x33a9ec:$s17: Slowloris 0x33bc60:$s18: Bot ID: 0x33c198:$t1: <sz>N/A</sz>
1.0.mzQcZawXvh.exe.400000.9.unpack	JoeSecurity_BitRAT	Yara detected BitRAT	Joe Security
1.0.mzQcZawXvh.exe.400000.9.unpack	MALWARE_Win_BitRAT	Detects BitRAT RAT	ditekSHen	0x33abf0:$s1: \plg\ 0x33ad70:$s3: files_delete 0x3399bc:$s9: ddos_stop 0x33abd0:$s10: socks5_srv_start 0x33adb8:$s16: klg\| 0x3399ec:$s17: Slowloris 0x33ac60:$s18: Bot ID: 0x33b198:$t1: <sz>N/A</sz>
Click to see the 36 entries

Sigma Signatures

There are no malicious signatures, click here to show all signatures.

Source: Process started

Author: frack113: Data: Command: "C:\Users\user\Desktop\mzQcZawXvh.exe" , CommandLine: "C:\Users\user\Desktop\mzQcZawXvh.exe" , CommandLine|base64offset|contains: , Image: C:\Users\user\Desktop\mzQcZawXvh.exe, NewProcessName: C:\Users\user\Desktop\mzQcZawXvh.exe, OriginalFileName: C:\Users\user\Desktop\mzQcZawXvh.exe, ParentCommandLine: "C:\Users\user\Desktop\mzQcZawXvh.exe" , ParentImage: C:\Users\user\Desktop\mzQcZawXvh.exe, ParentProcessId: 5872, ProcessCommandLine: "C:\Users\user\Desktop\mzQcZawXvh.exe" , ProcessId: 5012

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Found malware configuration

Source: 00000001.00000000.252764032.0000000000400000.00000040.00000400.00020000.00000000.sdmp

Malware Configuration Extractor: BitRat {"Host": "toopdyno2.duckdns.org", "Port": "55140", "Tor Port": "0", "Install Dir": "0", "Install File": "0", "Communication Password": "3cd2623273605167e72c665ad9347c60", "Tor Process Name": "tor"}

Multi AV Scanner detection for submitted file

Source: mzQcZawXvh.exe	Metadefender: Detection: 20%			Perma Link
Source: mzQcZawXvh.exe	ReversingLabs: Detection: 48%

Antivirus detection for URL or domain

Source: toopdyno2.duckdns.org

Avira URL Cloud: Label: malware

Machine Learning detection for sample

Source: mzQcZawXvh.exe

Joe Sandbox ML: detected

Source: mzQcZawXvh.exe, 00000000.00000002.257225352.00000000024E0000.00000040.00001000.00020000.00000000.sdmp

Binary or memory string: -----BEGIN PUBLIC KEY-----

Source: mzQcZawXvh.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE

Source:	Binary string: x4C:\fipopovo-kogite\sinagume.pdb source: mzQcZawXvh.exe
Source:	Binary string: C:\fipopovo-kogite\sinagume.pdb source: mzQcZawXvh.exe

Source: C:\Users\user\Desktop\mzQcZawXvh.exe

Code function: 1_2_004269D4 GetFullPathNameW,FindFirstFileExW,GetLastError,

1_2_004269D4

Networking

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

URLs: toopdyno2.duckdns.org

Uses dynamic DNS services

Source: unknown

DNS query: name: toopdyno2.duckdns.org

Source: Joe Sandbox View

ASN Name: ESAB-ASSE ESAB-ASSE

Source: global traffic

TCP traffic: 192.168.2.4:49715 -> 185.213.155.164:55140

Source: mzQcZawXvh.exe, mzQcZawXvh.exe, 00000001.00000000.252764032.0000000000400000.00000040.00000400.00020000.00000000.sdmp, mzQcZawXvh.exe, 00000001.00000000.246514986.0000000000400000.00000040.00000400.00020000.00000000.sdmp, mzQcZawXvh.exe, 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp

String found in binary or memory: https://curl.haxx.se/docs/http-cookies.html

Source: unknown

DNS traffic detected: queries for: toopdyno2.duckdns.org

Source: C:\Users\user\Desktop\mzQcZawXvh.exe

Code function: 1_2_00415782 WSARecv,

1_2_00415782

Source: C:\Users\user\Desktop\mzQcZawXvh.exe

Windows user hook set: 0 mouse low level NULL

Jump to behavior

System Summary

Malicious sample detected (through community Yara rule)

Source: 1.0.mzQcZawXvh.exe.400000.10.raw.unpack, type: UNPACKEDPE	Matched rule: Detects BitRAT RAT Author: ditekSHen
Source: 1.0.mzQcZawXvh.exe.400000.11.raw.unpack, type: UNPACKEDPE	Matched rule: Detects BitRAT RAT Author: ditekSHen
Source: 1.0.mzQcZawXvh.exe.400000.9.raw.unpack, type: UNPACKEDPE	Matched rule: Detects BitRAT RAT Author: ditekSHen
Source: 1.0.mzQcZawXvh.exe.400000.4.unpack, type: UNPACKEDPE	Matched rule: Detects BitRAT RAT Author: ditekSHen
Source: 1.0.mzQcZawXvh.exe.400000.7.unpack, type: UNPACKEDPE	Matched rule: Detects BitRAT RAT Author: ditekSHen
Source: 1.0.mzQcZawXvh.exe.400000.5.unpack, type: UNPACKEDPE	Matched rule: Detects BitRAT RAT Author: ditekSHen
Source: 1.2.mzQcZawXvh.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects BitRAT RAT Author: ditekSHen
Source: 1.0.mzQcZawXvh.exe.400000.8.raw.unpack, type: UNPACKEDPE	Matched rule: Detects BitRAT RAT Author: ditekSHen
Source: 1.2.mzQcZawXvh.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects BitRAT RAT Author: ditekSHen
Source: 1.0.mzQcZawXvh.exe.400000.6.unpack, type: UNPACKEDPE	Matched rule: Detects BitRAT RAT Author: ditekSHen
Source: 1.0.mzQcZawXvh.exe.400000.10.unpack, type: UNPACKEDPE	Matched rule: Detects BitRAT RAT Author: ditekSHen
Source: 1.0.mzQcZawXvh.exe.400000.6.raw.unpack, type: UNPACKEDPE	Matched rule: Detects BitRAT RAT Author: ditekSHen
Source: 0.2.mzQcZawXvh.exe.24e15a0.1.unpack, type: UNPACKEDPE	Matched rule: Detects BitRAT RAT Author: ditekSHen
Source: 1.0.mzQcZawXvh.exe.400000.8.unpack, type: UNPACKEDPE	Matched rule: Detects BitRAT RAT Author: ditekSHen
Source: 0.2.mzQcZawXvh.exe.24e15a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects BitRAT RAT Author: ditekSHen
Source: 1.0.mzQcZawXvh.exe.400000.11.unpack, type: UNPACKEDPE	Matched rule: Detects BitRAT RAT Author: ditekSHen
Source: 1.0.mzQcZawXvh.exe.400000.7.raw.unpack, type: UNPACKEDPE	Matched rule: Detects BitRAT RAT Author: ditekSHen
Source: 1.0.mzQcZawXvh.exe.400000.9.unpack, type: UNPACKEDPE	Matched rule: Detects BitRAT RAT Author: ditekSHen
Source: 00000001.00000000.252764032.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects BitRAT RAT Author: ditekSHen
Source: 00000001.00000000.251383367.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects BitRAT RAT Author: ditekSHen
Source: 00000001.00000000.246514986.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects BitRAT RAT Author: ditekSHen
Source: 00000001.00000000.247549851.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects BitRAT RAT Author: ditekSHen
Source: 00000001.00000000.249134372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects BitRAT RAT Author: ditekSHen
Source: 00000001.00000000.253448623.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects BitRAT RAT Author: ditekSHen
Source: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects BitRAT RAT Author: ditekSHen

Source: mzQcZawXvh.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE

Source: 1.0.mzQcZawXvh.exe.400000.10.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_BitRAT author = ditekSHen, description = Detects BitRAT RAT, clamav_sig = MALWARE.Win.Trojan.BitRAT
Source: 1.0.mzQcZawXvh.exe.400000.11.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_BitRAT author = ditekSHen, description = Detects BitRAT RAT, clamav_sig = MALWARE.Win.Trojan.BitRAT
Source: 1.0.mzQcZawXvh.exe.400000.9.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_BitRAT author = ditekSHen, description = Detects BitRAT RAT, clamav_sig = MALWARE.Win.Trojan.BitRAT
Source: 1.0.mzQcZawXvh.exe.400000.4.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_BitRAT author = ditekSHen, description = Detects BitRAT RAT, clamav_sig = MALWARE.Win.Trojan.BitRAT
Source: 1.0.mzQcZawXvh.exe.400000.7.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_BitRAT author = ditekSHen, description = Detects BitRAT RAT, clamav_sig = MALWARE.Win.Trojan.BitRAT
Source: 1.0.mzQcZawXvh.exe.400000.5.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_BitRAT author = ditekSHen, description = Detects BitRAT RAT, clamav_sig = MALWARE.Win.Trojan.BitRAT
Source: 1.2.mzQcZawXvh.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_BitRAT author = ditekSHen, description = Detects BitRAT RAT, clamav_sig = MALWARE.Win.Trojan.BitRAT
Source: 1.0.mzQcZawXvh.exe.400000.8.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_BitRAT author = ditekSHen, description = Detects BitRAT RAT, clamav_sig = MALWARE.Win.Trojan.BitRAT
Source: 1.2.mzQcZawXvh.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_BitRAT author = ditekSHen, description = Detects BitRAT RAT, clamav_sig = MALWARE.Win.Trojan.BitRAT
Source: 1.0.mzQcZawXvh.exe.400000.6.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_BitRAT author = ditekSHen, description = Detects BitRAT RAT, clamav_sig = MALWARE.Win.Trojan.BitRAT
Source: 1.0.mzQcZawXvh.exe.400000.10.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_BitRAT author = ditekSHen, description = Detects BitRAT RAT, clamav_sig = MALWARE.Win.Trojan.BitRAT
Source: 1.0.mzQcZawXvh.exe.400000.6.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_BitRAT author = ditekSHen, description = Detects BitRAT RAT, clamav_sig = MALWARE.Win.Trojan.BitRAT
Source: 0.2.mzQcZawXvh.exe.24e15a0.1.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_BitRAT author = ditekSHen, description = Detects BitRAT RAT, clamav_sig = MALWARE.Win.Trojan.BitRAT
Source: 1.0.mzQcZawXvh.exe.400000.8.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_BitRAT author = ditekSHen, description = Detects BitRAT RAT, clamav_sig = MALWARE.Win.Trojan.BitRAT
Source: 0.2.mzQcZawXvh.exe.24e15a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_BitRAT author = ditekSHen, description = Detects BitRAT RAT, clamav_sig = MALWARE.Win.Trojan.BitRAT
Source: 1.0.mzQcZawXvh.exe.400000.11.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_BitRAT author = ditekSHen, description = Detects BitRAT RAT, clamav_sig = MALWARE.Win.Trojan.BitRAT
Source: 1.0.mzQcZawXvh.exe.400000.7.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_BitRAT author = ditekSHen, description = Detects BitRAT RAT, clamav_sig = MALWARE.Win.Trojan.BitRAT
Source: 1.0.mzQcZawXvh.exe.400000.9.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_BitRAT author = ditekSHen, description = Detects BitRAT RAT, clamav_sig = MALWARE.Win.Trojan.BitRAT
Source: 00000001.00000000.252764032.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_BitRAT author = ditekSHen, description = Detects BitRAT RAT, clamav_sig = MALWARE.Win.Trojan.BitRAT
Source: 00000001.00000000.251383367.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_BitRAT author = ditekSHen, description = Detects BitRAT RAT, clamav_sig = MALWARE.Win.Trojan.BitRAT
Source: 00000001.00000000.246514986.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_BitRAT author = ditekSHen, description = Detects BitRAT RAT, clamav_sig = MALWARE.Win.Trojan.BitRAT
Source: 00000001.00000000.247549851.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_BitRAT author = ditekSHen, description = Detects BitRAT RAT, clamav_sig = MALWARE.Win.Trojan.BitRAT
Source: 00000001.00000000.249134372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_BitRAT author = ditekSHen, description = Detects BitRAT RAT, clamav_sig = MALWARE.Win.Trojan.BitRAT
Source: 00000001.00000000.253448623.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_BitRAT author = ditekSHen, description = Detects BitRAT RAT, clamav_sig = MALWARE.Win.Trojan.BitRAT
Source: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_BitRAT author = ditekSHen, description = Detects BitRAT RAT, clamav_sig = MALWARE.Win.Trojan.BitRAT

Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Code function: 0_2_00413DD0	0_2_00413DD0
Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Code function: 0_2_00414BB0	0_2_00414BB0
Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Code function: 1_2_0068C54E	1_2_0068C54E
Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Code function: 1_2_004FA652	1_2_004FA652
Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Code function: 1_2_0040EA72	1_2_0040EA72
Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Code function: 1_2_0042AE39	1_2_0042AE39
Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Code function: 1_2_0042CF4C	1_2_0042CF4C
Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Code function: 1_2_004BAF5C	1_2_004BAF5C
Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Code function: 1_2_00693097	1_2_00693097
Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Code function: 1_2_0042711E	1_2_0042711E
Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Code function: 1_2_004113C3	1_2_004113C3
Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Code function: 1_2_0069D3C0	1_2_0069D3C0

Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Code function: String function: 00411DDD appears 133 times
Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Code function: String function: 0068A4E0 appears 58 times
Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Code function: String function: 00411A50 appears 101 times
Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Code function: String function: 0068A19C appears 116 times
Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Code function: String function: 006B9C3C appears 728 times
Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Code function: String function: 005D8230 appears 98 times
Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Code function: String function: 00411AAE appears 38 times
Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Code function: String function: 006909D0 appears 71 times
Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Code function: String function: 0068E3DE appears 66 times
Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Code function: String function: 0040E1A0 appears 136 times

Source: C:\Users\user\Desktop\mzQcZawXvh.exe

Code function: 1_2_0047DA23 __EH_prolog,GetModuleHandleA,GetProcAddress,GetCurrentThread,NtSetInformationThread,

1_2_0047DA23

Source: C:\Users\user\Desktop\mzQcZawXvh.exe

Code function: 1_2_005CF200: CreateFileW,new,DeviceIoControl,CloseHandle,

1_2_005CF200

Source: mzQcZawXvh.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: mzQcZawXvh.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: mzQcZawXvh.exe	Metadefender: Detection: 20%
Source: mzQcZawXvh.exe	ReversingLabs: Detection: 48%

Source: mzQcZawXvh.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\mzQcZawXvh.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\mzQcZawXvh.exe "C:\Users\user\Desktop\mzQcZawXvh.exe"
Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Process created: C:\Users\user\Desktop\mzQcZawXvh.exe "C:\Users\user\Desktop\mzQcZawXvh.exe"
Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Process created: C:\Users\user\Desktop\mzQcZawXvh.exe "C:\Users\user\Desktop\mzQcZawXvh.exe"	Jump to behavior

Source: C:\Users\user\Desktop\mzQcZawXvh.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\mzQcZawXvh.exe

Code function: 1_2_0047E75C GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,

1_2_0047E75C

Source: classification engine

Classification label: mal100.troj.evad.winEXE@3/0@638/2

Source: C:\Users\user\Desktop\mzQcZawXvh.exe

Code function: 0_2_00409FD0 __wremove,_putc,_puts,_atexit,_malloc,_perror,InitializeCriticalSection,EnterCriticalSection,GetBinaryTypeW,GetConsoleAliasExesA,GetBinaryTypeW,GetConsoleAliasExesA,InitializeCriticalSection,EnterCriticalSection,GetNumberFormatW,WriteConsoleOutputCharacterA,ReadConsoleW,SetThreadPriority,FindNextVolumeMountPointW,SetProcessShutdownParameters,GetConsoleAliasesLengthW,SetProcessAffinityMask,OpenFileMappingW,OpenWaitableTimerW,AreFileApisANSI,CancelDeviceWakeupRequest,FindFirstVolumeA,GetConsoleAliasesLengthA,WinHttpConnect,GetLastError,GetCharWidthA,GetConsoleAliasesLengthA,WinHttpConnect,AlphaBlend,GetComputerNameW,TlsFree,DeleteAtom,GetModuleHandleW,EnumDateFormatsA,TlsFree,WriteConsoleOutputCharacterA,LoadLibraryW,DeleteAtom,GetModuleHandleW,GetPrivateProfileStringA,FreeEnvironmentStringsA,ResetWriteWatch,MoveFileA,GetConsoleAliasExesLengthW,EnumSystemLocalesW,_lopen,_lwrite,SetSystemTimeAdjustment,DebugBreak,MoveFileWithProgressA,SetCommState,EnumDateFormatsA,CreateMailslotW,WriteConsoleInputW,GetConsoleAliasExesLengthA,SetComputerNameW,GlobalGetAtomNameA,AllocConsole,GetQueuedCompletionStatus,GetProfileStringW,GetSystemWindowsDirectoryA,SetConsoleCP,VerSetConditionMask,EnumDateFormatsA,SetThreadAffinityMask,SetThreadAffinityMask,EnumCalendarInfoA,lstrcatA,LocalAlloc,FormatMessageW,FreeEnvironmentStringsA,EnumCalendarInfoA,lstrcatA,LocalAlloc,FormatMessageW,WriteConsoleInputW,GlobalWire,GetPrivateProfileSectionNamesA,WriteConsoleA,ReadConsoleW,DebugBreak,LoadLibraryW,lstrlenA,EnumResourceTypesA,OutputDebugStringW,_lwrite,GetConsoleAliasA,CreateActCtxW,GetPrivateProfileStringA,GetACP,CopyFileA,GetSystemWindowsDirectoryA,InterlockedExchangeAdd,ContinueDebugEvent,SetConsoleCursorPosition,GetConsoleAliasExesLengthA,

0_2_00409FD0

Source: C:\Users\user\Desktop\mzQcZawXvh.exe

Mutant created: \Sessions\1\BaseNamedObjects\71829ba4b664877b4343fec94f23404f

Source: C:\Users\user\Desktop\mzQcZawXvh.exe

Code function: 1_2_00422D5E __CxxThrowException@8,GetLastError,LoadResource,LockResource,SizeofResource,

1_2_00422D5E

Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Command line argument: Firekax	0_2_00409FD0
Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Command line argument: Noyucamirohanic	0_2_00409FD0
Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Command line argument: z<B	0_2_00409FD0
Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Command line argument: z<B	0_2_00409FD0

Source: mzQcZawXvh.exe	String found in binary or memory: id-cmc-addExtensions
Source: mzQcZawXvh.exe	String found in binary or memory: set-addPolicy

Source: C:\Users\user\Desktop\mzQcZawXvh.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\mzQcZawXvh.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\mzQcZawXvh.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\mzQcZawXvh.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Source: mzQcZawXvh.exe

Static file information: File size 2180096 > 1048576

Source: mzQcZawXvh.exe

Static PE information: Raw size of .data is bigger than: 0x100000 < 0x1e4800

Source: mzQcZawXvh.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: mzQcZawXvh.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: mzQcZawXvh.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: mzQcZawXvh.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: mzQcZawXvh.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: mzQcZawXvh.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: mzQcZawXvh.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: x4C:\fipopovo-kogite\sinagume.pdb source: mzQcZawXvh.exe
Source:	Binary string: C:\fipopovo-kogite\sinagume.pdb source: mzQcZawXvh.exe

Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Code function: 0_2_00409742 push ecx; mov dword ptr [esp], 00000000h	0_2_00409751
Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Code function: 0_2_00409770 push ecx; mov dword ptr [esp], 00000002h	0_2_00409771
Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Code function: 0_2_004097A0 push ecx; mov dword ptr [esp], 00000000h	0_2_004097A1
Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Code function: 0_2_022FCAC3 push ebp; retf	0_2_022FCAD2
Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Code function: 0_2_022FD341 pushad ; iretd	0_2_022FD344
Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Code function: 0_2_023005B8 push cs; retf	0_2_023005C4
Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Code function: 1_2_0068A4A9 push ecx; ret	1_2_0068A4BC
Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Code function: 1_2_0068B486 push ecx; ret	1_2_0068B499

Source: C:\Users\user\Desktop\mzQcZawXvh.exe

Code function: 0_2_0041A080 LoadLibraryA,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__encode_pointer,__encode_pointer,__encode_pointer,__encode_pointer,__encode_pointer,

0_2_0041A080

Hooking and other Techniques for Hiding and Protection

Possible FUD Crypter (malicious underground PE packer) detected

Source: C:\Users\user\Desktop\mzQcZawXvh.exe	FUD Crypter parameteres: EnumResourceTypesA, 86, 75, 5, 447		0_2_00409FD0
Source: C:\Users\user\Desktop\mzQcZawXvh.exe	FUD Crypter parameteres: EnumResourceTypesA, 80, 69, 4, 417		0_2_0040A039

Source: C:\Users\user\Desktop\mzQcZawXvh.exe TID: 5612	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\mzQcZawXvh.exe TID: 3904	Thread sleep time: -2767011611056431s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\mzQcZawXvh.exe TID: 5700	Thread sleep time: -105000s >= -30000s	Jump to behavior

Source: C:\Users\user\Desktop\mzQcZawXvh.exe

Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes

graph_1-38780

Source: C:\Users\user\Desktop\mzQcZawXvh.exe

Thread sleep count: Count: 2493 delay: -10

Jump to behavior

Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep			graph_0-14878
Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess			graph_0-15026

Source: C:\Users\user\Desktop\mzQcZawXvh.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Window / User API: threadDelayed 2493			Jump to behavior
Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Window / User API: threadDelayed 392			Jump to behavior

Source: C:\Users\user\Desktop\mzQcZawXvh.exe	API coverage: 9.5 %
Source: C:\Users\user\Desktop\mzQcZawXvh.exe	API coverage: 8.4 %

Source: C:\Users\user\Desktop\mzQcZawXvh.exe

Code function: 1_2_0044DE59 __EH_prolog,new,GetModuleHandleA,GetProcAddress,GetSystemInfo,GetProductInfo,

1_2_0044DE59

Source: C:\Users\user\Desktop\mzQcZawXvh.exe

Code function: 1_2_004269D4 GetFullPathNameW,FindFirstFileExW,GetLastError,

1_2_004269D4

Source: C:\Users\user\Desktop\mzQcZawXvh.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Users\user\Desktop\mzQcZawXvh.exe

API call chain: ExitProcess graph end node

graph_0-15027

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Thread information set: HideFromDebugger	Jump to behavior

Contains functionality to hide a thread from the debugger

Source: C:\Users\user\Desktop\mzQcZawXvh.exe

Code function: 1_2_0047DA23 NtSetInformationThread ?,00000011,00000000,00000000,?,?,00000000,00000000

1_2_0047DA23

Source: C:\Users\user\Desktop\mzQcZawXvh.exe

Code function: 0_2_00416CA0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

0_2_00416CA0

Source: C:\Users\user\Desktop\mzQcZawXvh.exe

0_2_00409FD0

Source: C:\Users\user\Desktop\mzQcZawXvh.exe

0_2_0041A080

Source: C:\Users\user\Desktop\mzQcZawXvh.exe

Code function: 1_2_004B8B6B __EH_prolog,GetProcessHeap,HeapAlloc,

1_2_004B8B6B

Source: C:\Users\user\Desktop\mzQcZawXvh.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Code function: 0_2_022FB0A3 push dword ptr fs:[00000030h]		0_2_022FB0A3
Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Code function: 1_2_006A482C mov eax, dword ptr fs:[00000030h]		1_2_006A482C

Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Code function: 0_2_00411C80 SetUnhandledExceptionFilter,	0_2_00411C80
Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Code function: 0_2_00416CA0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00416CA0
Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Code function: 0_2_0041F250 _raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_0041F250
Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Code function: 0_2_00411AC0 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00411AC0
Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Code function: 1_2_0068A7EA SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	1_2_0068A7EA
Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Code function: 1_2_00694A7C IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	1_2_00694A7C

HIPS / PFW / Operating System Protection Evasion

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\mzQcZawXvh.exe

Memory written: C:\Users\user\Desktop\mzQcZawXvh.exe base: 400000 value starts with: 4D5A

Jump to behavior

Source: C:\Users\user\Desktop\mzQcZawXvh.exe

Process created: C:\Users\user\Desktop\mzQcZawXvh.exe "C:\Users\user\Desktop\mzQcZawXvh.exe"

Jump to behavior

Source: mzQcZawXvh.exe, 00000001.00000002.558474241.000000000386B000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: Program ManagerZ

Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Code function: __wremove,_putc,_puts,_atexit,_malloc,_perror,InitializeCriticalSection,EnterCriticalSection,GetBinaryTypeW,GetConsoleAliasExesA,GetBinaryTypeW,GetConsoleAliasExesA,InitializeCriticalSection,EnterCriticalSection,GetNumberFormatW,WriteConsoleOutputCharacterA,ReadConsoleW,SetThreadPriority,FindNextVolumeMountPointW,SetProcessShutdownParameters,GetConsoleAliasesLengthW,SetProcessAffinityMask,OpenFileMappingW,OpenWaitableTimerW,AreFileApisANSI,CancelDeviceWakeupRequest,FindFirstVolumeA,GetConsoleAliasesLengthA,WinHttpConnect,GetLastError,GetCharWidthA,GetConsoleAliasesLengthA,WinHttpConnect,AlphaBlend,GetComputerNameW,TlsFree,DeleteAtom,GetModuleHandleW,EnumDateFormatsA,TlsFree,WriteConsoleOutputCharacterA,LoadLibraryW,DeleteAtom,GetModuleHandleW,GetPrivateProfileStringA,FreeEnvironmentStringsA,ResetWriteWatch,MoveFileA,GetConsoleAliasExesLengthW,EnumSystemLocalesW,_lopen,_lwrite,SetSystemTimeAdjustment,DebugBreak,MoveFileWithProgressA,SetCommState,EnumDateFormatsA,CreateMailslotW,WriteConsoleInputW,GetConsoleAliasExesLengthA,SetComputerNameW,GlobalGetAtomNameA,AllocConsole,GetQueuedCompletionStatus,GetProfileStringW,GetSystemWindowsDirectoryA,SetConsoleCP,VerSetConditionMask,EnumDateFormatsA,SetThreadAffinityMask,SetThreadAffinityMask,EnumCalendarInfoA,lstrcatA,LocalAlloc,FormatMessageW,FreeEnvironmentStringsA,EnumCalendarInfoA,lstrcatA,LocalAlloc,FormatMessageW,WriteConsoleInputW,GlobalWire,GetPrivateProfileSectionNamesA,WriteConsoleA,ReadConsoleW,DebugBreak,LoadLibraryW,lstrlenA,EnumResourceTypesA,OutputDebugStringW,_lwrite,GetConsoleAliasA,CreateActCtxW,GetPrivateProfileStringA,GetACP,CopyFileA,GetSystemWindowsDirectoryA,InterlockedExchangeAdd,ContinueDebugEvent,SetConsoleCursorPosition,GetConsoleAliasExesLengthA,	0_2_00409FD0
Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Code function: GetBinaryTypeW,GetConsoleAliasExesA,InitializeCriticalSection,EnterCriticalSection,GetNumberFormatW,WriteConsoleOutputCharacterA,ReadConsoleW,SetThreadPriority,FindNextVolumeMountPointW,SetProcessShutdownParameters,GetConsoleAliasesLengthW,SetProcessAffinityMask,OpenFileMappingW,OpenWaitableTimerW,AreFileApisANSI,CancelDeviceWakeupRequest,FindFirstVolumeA,GetConsoleAliasesLengthA,WinHttpConnect,GetLastError,GetCharWidthA,GetConsoleAliasesLengthA,WinHttpConnect,AlphaBlend,GetComputerNameW,TlsFree,DeleteAtom,GetModuleHandleW,EnumDateFormatsA,TlsFree,WriteConsoleOutputCharacterA,LoadLibraryW,DeleteAtom,GetModuleHandleW,GetPrivateProfileStringA,FreeEnvironmentStringsA,ResetWriteWatch,MoveFileA,GetConsoleAliasExesLengthW,EnumSystemLocalesW,_lopen,_lwrite,SetSystemTimeAdjustment,DebugBreak,MoveFileWithProgressA,SetCommState,EnumDateFormatsA,CreateMailslotW,WriteConsoleInputW,GetConsoleAliasExesLengthA,SetComputerNameW,GlobalGetAtomNameA,AllocConsole,GetQueuedCompletionStatus,GetProfileStringW,GetSystemWindowsDirectoryA,SetConsoleCP,VerSetConditionMask,EnumDateFormatsA,SetThreadAffinityMask,SetThreadAffinityMask,EnumCalendarInfoA,lstrcatA,LocalAlloc,FormatMessageW,FreeEnvironmentStringsA,EnumCalendarInfoA,lstrcatA,LocalAlloc,FormatMessageW,WriteConsoleInputW,GlobalWire,GetPrivateProfileSectionNamesA,WriteConsoleA,ReadConsoleW,DebugBreak,LoadLibraryW,lstrlenA,EnumResourceTypesA,OutputDebugStringW,_lwrite,GetConsoleAliasA,CreateActCtxW,GetPrivateProfileStringA,GetACP,CopyFileA,GetSystemWindowsDirectoryA,InterlockedExchangeAdd,ContinueDebugEvent,SetConsoleCursorPosition,GetConsoleAliasExesLengthA,	0_2_0040A039
Source: C:\Users\user\Desktop\mzQcZawXvh.exe	Code function: GetLocaleInfoA,	0_2_00420CD0

Source: C:\Users\user\Desktop\mzQcZawXvh.exe

Code function: 1_2_0040EA72 cpuid

1_2_0040EA72

Source: C:\Users\user\Desktop\mzQcZawXvh.exe

Code function: 0_2_00411CA0 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,

0_2_00411CA0

Source: C:\Users\user\Desktop\mzQcZawXvh.exe

Code function: 0_2_00409990 VerLanguageNameA,SetDefaultCommConfigW,ReadConsoleOutputCharacterW,VerifyVersionInfoA,GetVersionExW,QueryDepthSList,BuildCommDCBAndTimeoutsA,CopyFileExW,GetCompressedFileSizeW,FindNextFileW,SetEvent,QueryDepthSList,VerifyVersionInfoA,GetVersionExW,SetLastError,TerminateProcess,GetTimeZoneInformation,FillConsoleOutputCharacterA,

0_2_00409990

Source: C:\Users\user\Desktop\mzQcZawXvh.exe

Code function: 0_2_00409D50 GetSystemWow64DirectoryW,GetCPInfoExW,DisconnectNamedPipe,CopyFileA,GetLastError,SetConsoleTextAttribute,DebugBreak,SetCalendarInfoA,WriteProfileSectionW,GetLastError,CopyFileA,GetSystemWow64DirectoryW,GetCPInfoExW,DisconnectNamedPipe,GetStartupInfoA,InterlockedCompareExchange,HeapValidate,GetVersionExW,GlobalFix,TerminateProcess,GetUserDefaultLangID,WritePrivateProfileStringA,GetNamedPipeHandleStateW,TerminateProcess,GetUserDefaultLangID,WritePrivateProfileStringA,GetNamedPipeHandleStateW,GetModuleHandleW,SetDllDirectoryW,FormatMessageA,FindResourceW,ReleaseActCtx,GetCalendarInfoA,FindFirstChangeNotificationW,InterlockedDecrement,GetCommandLineA,GetProfileSectionA,GlobalFix,VerifyVersionInfoA,

0_2_00409D50

Source: C:\Users\user\Desktop\mzQcZawXvh.exe

Code function: 1_2_00471490 __EH_prolog,GetUserNameW,

1_2_00471490

Stealing of Sensitive Information

Yara detected BitRAT

Source: Yara match	File source: 1.0.mzQcZawXvh.exe.400000.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.0.mzQcZawXvh.exe.400000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.0.mzQcZawXvh.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.0.mzQcZawXvh.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.0.mzQcZawXvh.exe.400000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.0.mzQcZawXvh.exe.400000.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.0.mzQcZawXvh.exe.400000.11.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.0.mzQcZawXvh.exe.400000.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.0.mzQcZawXvh.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.0.mzQcZawXvh.exe.400000.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.0.mzQcZawXvh.exe.400000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.mzQcZawXvh.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.0.mzQcZawXvh.exe.400000.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.mzQcZawXvh.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.0.mzQcZawXvh.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.0.mzQcZawXvh.exe.400000.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.0.mzQcZawXvh.exe.400000.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.mzQcZawXvh.exe.24e15a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.0.mzQcZawXvh.exe.400000.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.mzQcZawXvh.exe.24e15a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.0.mzQcZawXvh.exe.400000.11.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.0.mzQcZawXvh.exe.400000.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.0.mzQcZawXvh.exe.400000.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000001.00000000.252764032.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000000.251383367.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000000.246514986.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000000.247549851.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000000.245538304.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000000.249134372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000000.253448623.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.257225352.00000000024E0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: mzQcZawXvh.exe PID: 5872, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: mzQcZawXvh.exe PID: 5012, type: MEMORYSTR

Remote Access Functionality

Yara detected BitRAT

Source: Yara match	File source: 1.0.mzQcZawXvh.exe.400000.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.0.mzQcZawXvh.exe.400000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.0.mzQcZawXvh.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.0.mzQcZawXvh.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.0.mzQcZawXvh.exe.400000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.0.mzQcZawXvh.exe.400000.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.0.mzQcZawXvh.exe.400000.11.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.0.mzQcZawXvh.exe.400000.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.0.mzQcZawXvh.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.0.mzQcZawXvh.exe.400000.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.0.mzQcZawXvh.exe.400000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.mzQcZawXvh.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.0.mzQcZawXvh.exe.400000.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.mzQcZawXvh.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.0.mzQcZawXvh.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.0.mzQcZawXvh.exe.400000.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.0.mzQcZawXvh.exe.400000.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.mzQcZawXvh.exe.24e15a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.0.mzQcZawXvh.exe.400000.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.mzQcZawXvh.exe.24e15a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.0.mzQcZawXvh.exe.400000.11.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.0.mzQcZawXvh.exe.400000.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.0.mzQcZawXvh.exe.400000.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000001.00000000.252764032.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000000.251383367.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000000.246514986.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000000.247549851.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000000.245538304.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000000.249134372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000000.253448623.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.257225352.00000000024E0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: mzQcZawXvh.exe PID: 5872, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: mzQcZawXvh.exe PID: 5012, type: MEMORYSTR

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	3 Command and Scripting Interpreter	Path Interception	1 Access Token Manipulation	131 Virtualization/Sandbox Evasion	1 Input Capture	2 System Time Discovery	Remote Services	1 Input Capture	Exfiltration Over Other Network Medium	1 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	3 Native API	Boot or Logon Initialization Scripts	112 Process Injection	1 Access Token Manipulation	LSASS Memory	23 Security Software Discovery	Remote Desktop Protocol	11 Archive Collected Data	Exfiltration Over Bluetooth	1 Non-Standard Port	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	112 Process Injection	Security Account Manager	1 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	1 Ingress Tool Transfer	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	1 Deobfuscate/Decode Files or Information	NTDS	131 Virtualization/Sandbox Evasion	Distributed Component Object Model	Input Capture	Scheduled Transfer	1 Non-Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	2 Obfuscated Files or Information	LSA Secrets	1 Application Window Discovery	SSH	Keylogging	Data Transfer Size Limits	21 Application Layer Protocol	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	1 Software Packing	Cached Domain Credentials	1 Account Discovery	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	Compile After Delivery	DCSync	1 System Owner/User Discovery	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	Indicator Removal from Tools	Proc Filesystem	1 Remote System Discovery	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	Masquerading	/etc/passwd and /etc/shadow	1 File and Directory Discovery	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction
Supply Chain Compromise	AppleScript	At (Windows)	At (Windows)	Invalid Code Signature	Network Sniffing	24 System Information Discovery	Taint Shared Content	Local Data Staging	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol	File Transfer Protocols			Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
mzQcZawXvh.exe	20%	Metadefender		Browse
mzQcZawXvh.exe	49%	ReversingLabs	Win32.Trojan.Tnega
mzQcZawXvh.exe	100%	Joe Sandbox ML

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

Source	Detection	Scanner	Label	Download
1.0.mzQcZawXvh.exe.400000.11.unpack	100%	Avira	HEUR/AGEN.1245145	Download File
1.0.mzQcZawXvh.exe.400000.6.unpack	100%	Avira	HEUR/AGEN.1245145	Download File
1.0.mzQcZawXvh.exe.400000.8.unpack	100%	Avira	HEUR/AGEN.1245145	Download File
1.2.mzQcZawXvh.exe.400000.0.unpack	100%	Avira	HEUR/AGEN.1245145	Download File
1.0.mzQcZawXvh.exe.400000.4.unpack	100%	Avira	HEUR/AGEN.1245145	Download File
1.0.mzQcZawXvh.exe.400000.7.unpack	100%	Avira	HEUR/AGEN.1245145	Download File
1.0.mzQcZawXvh.exe.400000.10.unpack	100%	Avira	HEUR/AGEN.1245145	Download File
1.0.mzQcZawXvh.exe.400000.5.unpack	100%	Avira	HEUR/AGEN.1245145	Download File
1.0.mzQcZawXvh.exe.400000.9.unpack	100%	Avira	HEUR/AGEN.1245145	Download File

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
toopdyno2.duckdns.org	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
toopdyno2.duckdns.org	185.213.155.164	true	true		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
toopdyno2.duckdns.org	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://curl.haxx.se/docs/http-cookies.html	mzQcZawXvh.exe, mzQcZawXvh.exe, 00000001.00000000.252764032.0000000000400000.00000040.00000400.00020000.00000000.sdmp, mzQcZawXvh.exe, 00000001.00000000.246514986.0000000000400000.00000040.00000400.00020000.00000000.sdmp, mzQcZawXvh.exe, 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
185.213.155.164	toopdyno2.duckdns.org	Sweden		39351	ESAB-ASSE	true

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	34.0.0 Boulder Opal
Analysis ID:	589699
Start date and time:	2022-03-15 16:28:17 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 9m 32s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	mzQcZawXvh.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	11
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@3/0@638/2
EGA Information:	Successful, ratio: 100%
HDC Information:	Successful, ratio: 23.2% (good quality ratio 21.9%) Quality average: 82.5% Quality standard deviation: 27.3%
HCA Information:	Failed
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded domains from analysis (whitelisted): fs.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: mzQcZawXvh.exe

Simulations

Behavior and APIs

Time	Type	Description
17:29:33	API Interceptor	651x Sleep call for process: mzQcZawXvh.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
185.213.155.164	3Ddmw9TwGY.exe	Get hash	malicious	Browse
185.213.155.164	Za95JGZ8D7.exe	Get hash	malicious	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
toopdyno2.duckdns.org	3Ddmw9TwGY.exe	Get hash	malicious	Browse	185.213.155.164
toopdyno2.duckdns.org	Za95JGZ8D7.exe	Get hash	malicious	Browse	185.213.155.164

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
ESAB-ASSE	3Ddmw9TwGY.exe	Get hash	malicious	Browse	185.213.155.164
	Za95JGZ8D7.exe	Get hash	malicious	Browse	185.213.155.164
	b3astmode.arm7	Get hash	malicious	Browse	185.65.133.208
	NMhjdmrpZi	Get hash	malicious	Browse	185.65.133.217
	Heri2RE17I	Get hash	malicious	Browse	185.65.133.207
	rXFu2DZdQq	Get hash	malicious	Browse	185.65.133.224
	XC59Xztorr.exe	Get hash	malicious	Browse	185.65.135.234
	SecuriteInfo.com.Variant.Razy.909711.11286.exe	Get hash	malicious	Browse	185.65.135.234
	Software update v2.0.0.exe	Get hash	malicious	Browse	185.65.135.234
	82Iqbsw9vI.exe	Get hash	malicious	Browse	185.65.135.234
	GLBtdTEH84.exe	Get hash	malicious	Browse	185.65.135.234
	2mdb3OG6FM.exe	Get hash	malicious	Browse	185.65.135.234
	rOpFMfE0R1.exe	Get hash	malicious	Browse	193.138.218.173
	5Zp8G6A1ad.exe	Get hash	malicious	Browse	185.65.135.234
	YgTvaZ5Vkh.exe	Get hash	malicious	Browse	185.65.135.234
	72339997AA5CF9D313E2C7A44B8649D343A057CD45A6B.exe	Get hash	malicious	Browse	185.65.135.234
	SecuriteInfo.com.Trojan.GenericKD.46968833.5808.exe	Get hash	malicious	Browse	185.65.135.234
	tt08hBCPjG.exe	Get hash	malicious	Browse	185.65.135.234
	GMcvStCBHM.exe	Get hash	malicious	Browse	185.65.135.234
	F5ttxmxaO9.exe	Get hash	malicious	Browse	185.65.135.234

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.940079508218017
TrID:	Win32 Executable (generic) a (10002005/4) 99.55% Win32 EXE PECompact compressed (generic) (41571/9) 0.41% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	mzQcZawXvh.exe
File size:	2180096
MD5:	514837c22746ae83fad96926ad2ddf83
SHA1:	e23e87f578c20f743ca1460d5e744c10b629cc16
SHA256:	beced991de014438e5a42627fd44721a06fd4fa67b8a58319fc00eb6316169a1
SHA512:	04af3589b1b92fa8013cecd5b6950e398022bbc72c1a47e2ca2d6e6baec58f5936b221e856ef63c41be47c34a0d34ee23327a9d139adae78a43f6e4d87d0717e
SSDEEP:	49152:4bAM+JWcJIVmnZAjtJeGvnEgj2s/gNXrQ4/owDx+SH1ePVui:2AMKWcyVuweoF/gN7HZVePZ
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........o...............\.......\..................;....\.......\.......\......Rich............................PE..L......`...........

File Icon


Icon Hash:	e7ee91b8f8cc581a

Static PE Info

General

Entrypoint:	0x40b310
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	32BIT_MACHINE, EXECUTABLE_IMAGE
DLL Characteristics:	TERMINAL_SERVER_AWARE, NX_COMPAT
Time Stamp:	0x602E1AD3 [Thu Feb 18 07:44:19 2021 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	0
File Version Major:	5
File Version Minor:	0
Subsystem Version Major:	5
Subsystem Version Minor:	0
Import Hash:	0bff565af25c1bc5033321ca0bc710a2

Entrypoint Preview

Instruction
mov edi, edi
push ebp
mov ebp, esp
call 00007F81489FB42Bh
call 00007F81489F4AB6h
pop ebp
ret
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
mov edi, edi
push ebp
mov ebp, esp
push FFFFFFFEh
push 00425118h
push 0040E610h
mov eax, dword ptr fs:[00000000h]
push eax
add esp, FFFFFF94h
push ebx
push esi
push edi
mov eax, dword ptr [0060A7A4h]
xor dword ptr [ebp-08h], eax
xor eax, ebp
push eax
lea eax, dword ptr [ebp-10h]
mov dword ptr fs:[00000000h], eax
mov dword ptr [ebp-18h], esp
mov dword ptr [ebp-70h], 00000000h
mov dword ptr [ebp-04h], 00000000h
lea eax, dword ptr [ebp-60h]
push eax
call dword ptr [004010D8h]
mov dword ptr [ebp-04h], FFFFFFFEh
jmp 00007F81489F4AC8h
mov eax, 00000001h
ret
mov esp, dword ptr [ebp-18h]
mov dword ptr [ebp-78h], 000000FFh
mov dword ptr [ebp-04h], FFFFFFFEh
mov eax, dword ptr [ebp-78h]
jmp 00007F81489F4BF8h
mov dword ptr [ebp-04h], FFFFFFFEh
call 00007F81489F4C34h
mov dword ptr [ebp-6Ch], eax
push 00000001h
call 00007F81489FC04Ah
add esp, 04h
test eax, eax
jne 00007F81489F4AACh
push 0000001Ch
call 00007F81489F4BECh
add esp, 04h
call 00007F81489F99D4h
test eax, eax
jne 00007F81489F4AACh
push 00000010h

Rich Headers

Programming Language:

[ C ] VS2008 build 21022
[IMP] VS2005 build 50727
[ASM] VS2008 build 21022
[LNK] VS2008 build 21022
[RES] VS2008 build 21022
[C++] VS2008 build 21022

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x25824	0x64	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x235000	0x4e68	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x23a000	0x19d4	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x1340	0x1c	.text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x8710	0x40	.text
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x1000	0x2f4	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x25a2a	0x25c00	False	0.427753776904	data	6.23479245929	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.data	0x27000	0x20d580	0x1e4800	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc	0x235000	0x4e68	0x5000	False	0.42978515625	data	4.14944327562	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x23a000	0x4baa	0x4c00	False	0.282020970395	data	3.12336197694	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type
RT_CURSOR	0x237f58	0x130	data
RT_CURSOR	0x238088	0xf0	data
RT_CURSOR	0x238178	0x10a8	dBase III DBT, version number 0, next free block index 40
RT_ICON	0x2353f0	0x6c8	data
RT_ICON	0x235ab8	0x568	GLS_BINARY_LSB_FIRST
RT_ICON	0x236020	0x10a8	dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 0, next used block 0
RT_ICON	0x2370c8	0x988	data
RT_ICON	0x237a50	0x468	GLS_BINARY_LSB_FIRST
RT_STRING	0x239380	0x14a	data
RT_STRING	0x2394d0	0x4b2	data
RT_STRING	0x239988	0x2e8	data
RT_STRING	0x239c70	0x1f4	data
RT_ACCELERATOR	0x237f30	0x28	data
RT_ACCELERATOR	0x237f08	0x28	data
RT_GROUP_CURSOR	0x239220	0x30	data
RT_GROUP_ICON	0x237eb8	0x4c	data
RT_VERSION	0x239250	0x130	data

Imports

DLL	Import
KERNEL32.dll	SetLocaleInfoW, FindFirstVolumeA, GetNamedPipeHandleStateW, FileTimeToSystemTime, EnumResourceTypesA, EnumResourceNamesA, FillConsoleOutputCharacterA, GetTimeZoneInformation, TerminateProcess, SetLastError, SetEvent, FindNextFileW, GetCompressedFileSizeW, CopyFileExW, BuildCommDCBAndTimeoutsA, QueryDepthSList, GetVersionExW, VerifyVersionInfoA, ReadConsoleOutputCharacterW, SetDefaultCommConfigW, VerLanguageNameA, EscapeCommFunction, WritePrivateProfileStructA, FreeEnvironmentStringsW, CreateTimerQueue, FindNextVolumeMountPointA, GetWriteWatch, WriteConsoleInputA, SetComputerNameExW, FindAtomW, GlobalDeleteAtom, GetThreadPriority, CallNamedPipeW, GetDriveTypeA, BuildCommDCBAndTimeoutsW, VirtualProtect, LocalAlloc, GetProfileSectionA, GetCommandLineA, InterlockedDecrement, FindFirstChangeNotificationW, GetCalendarInfoA, ReleaseActCtx, FindResourceW, FormatMessageA, SetDllDirectoryW, GetModuleHandleW, WritePrivateProfileStringA, GetUserDefaultLangID, GlobalFix, HeapValidate, InterlockedCompareExchange, GetStartupInfoA, WriteProfileSectionW, SetCalendarInfoA, DebugBreak, SetConsoleTextAttribute, GetLastError, CopyFileA, DisconnectNamedPipe, WriteProfileSectionA, GetSystemWow64DirectoryW, SetConsoleCursorPosition, ContinueDebugEvent, InterlockedExchangeAdd, GetACP, CreateActCtxW, GetConsoleAliasA, OutputDebugStringW, lstrlenA, WriteConsoleA, GetPrivateProfileSectionNamesA, GlobalWire, FormatMessageW, lstrcatA, EnumCalendarInfoA, SetThreadAffinityMask, VerSetConditionMask, SetConsoleCP, GetSystemWindowsDirectoryA, GetProfileStringW, GetQueuedCompletionStatus, AllocConsole, GlobalGetAtomNameA, SetComputerNameW, GetConsoleAliasExesLengthA, WriteConsoleInputW, CreateMailslotW, SetCommState, MoveFileWithProgressA, SetSystemTimeAdjustment, _lwrite, _lopen, EnumSystemLocalesW, GetConsoleAliasExesLengthW, MoveFileA, ResetWriteWatch, FreeEnvironmentStringsA, GetPrivateProfileStringA, LoadLibraryW, EnumDateFormatsA, DeleteAtom, TlsFree, GetComputerNameW, GetConsoleAliasesLengthA, CancelDeviceWakeupRequest, AreFileApisANSI, OpenWaitableTimerW, OpenFileMappingW, SetProcessAffinityMask, GetConsoleAliasesLengthW, SetProcessShutdownParameters, FindNextVolumeMountPointW, SetThreadPriority, ReadConsoleW, WriteConsoleOutputCharacterA, GetNumberFormatW, GetConsoleAliasExesA, GetBinaryTypeW, EnterCriticalSection, InitializeCriticalSection, GetCPInfoExW, LoadLibraryA, DeleteFileA, RaiseException, IsBadReadPtr, DeleteCriticalSection, LeaveCriticalSection, GetModuleFileNameW, SetStdHandle, GetFileType, WriteFile, WideCharToMultiByte, GetConsoleCP, GetConsoleMode, Sleep, InterlockedIncrement, GetProcAddress, ExitProcess, TlsGetValue, TlsAlloc, TlsSetValue, GetCurrentThreadId, SetHandleCount, GetStdHandle, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, GetModuleFileNameA, GetEnvironmentStrings, GetEnvironmentStringsW, HeapDestroy, HeapCreate, HeapFree, VirtualFree, HeapAlloc, HeapSize, HeapReAlloc, VirtualAlloc, GetOEMCP, GetCPInfo, IsValidCodePage, RtlUnwind, InitializeCriticalSectionAndSpinCount, OutputDebugStringA, WriteConsoleW, GetConsoleOutputCP, MultiByteToWideChar, SetFilePointer, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, CreateFileA, CloseHandle, FlushFileBuffers
GDI32.dll	GetCharWidthA
WINHTTP.dll	WinHttpConnect
MSIMG32.dll	AlphaBlend

Version Infos

Description	Data
Translations	0x0025 0x0305

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
03/15/22-17:29:33.760276	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	62099	8.8.8.8	192.168.2.4
03/15/22-17:29:33.890690	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	53775	8.8.8.8	192.168.2.4
03/15/22-17:29:34.146041	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	54800	8.8.8.8	192.168.2.4
03/15/22-17:29:34.549693	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	60506	8.8.8.8	192.168.2.4
03/15/22-17:29:34.706393	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	64277	8.8.8.8	192.168.2.4
03/15/22-17:29:34.921637	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	56076	8.8.8.8	192.168.2.4
03/15/22-17:29:35.634143	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	60647	8.8.8.8	192.168.2.4
03/15/22-17:29:35.881173	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	64909	8.8.8.8	192.168.2.4
03/15/22-17:29:40.557350	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	60612	8.8.8.8	192.168.2.4
03/15/22-17:29:40.855490	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	56437	8.8.8.8	192.168.2.4
03/15/22-17:30:34.271450	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	59227	8.8.8.8	192.168.2.4
03/15/22-17:30:35.630826	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	50505	8.8.8.8	192.168.2.4
03/15/22-17:30:35.779808	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	50957	8.8.8.8	192.168.2.4
03/15/22-17:30:36.014369	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	59033	8.8.8.8	192.168.2.4
03/15/22-17:30:36.150413	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	54297	8.8.8.8	192.168.2.4
03/15/22-17:30:36.399511	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	51382	8.8.8.8	192.168.2.4
03/15/22-17:30:36.766781	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	57890	8.8.8.8	192.168.2.4
03/15/22-17:30:36.902215	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	58533	8.8.8.8	192.168.2.4
03/15/22-17:30:37.167648	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	62607	8.8.8.8	192.168.2.4
03/15/22-17:30:37.308546	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	54383	8.8.8.8	192.168.2.4
03/15/22-17:30:38.811265	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	58428	8.8.8.8	192.168.2.4
03/15/22-17:30:40.472908	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	50954	8.8.8.8	192.168.2.4

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 15, 2022 17:29:34.033814907 CET	49715	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:29:37.043978930 CET	49715	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:29:37.283871889 CET	55140	49715	185.213.155.164	192.168.2.4
Mar 15, 2022 17:29:37.284003019 CET	49715	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:29:37.284445047 CET	49715	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:29:38.376193047 CET	55140	49715	185.213.155.164	192.168.2.4
Mar 15, 2022 17:29:42.666698933 CET	49715	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:29:43.014530897 CET	49716	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:29:43.178400040 CET	55140	49716	185.213.155.164	192.168.2.4
Mar 15, 2022 17:29:43.178500891 CET	49716	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:29:43.179014921 CET	49716	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:29:43.392010927 CET	55140	49716	185.213.155.164	192.168.2.4
Mar 15, 2022 17:29:47.426352024 CET	49716	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:29:47.898809910 CET	49717	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:29:48.751812935 CET	55140	49716	185.213.155.164	192.168.2.4
Mar 15, 2022 17:29:48.751847982 CET	55140	49716	185.213.155.164	192.168.2.4
Mar 15, 2022 17:29:48.751883984 CET	49716	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:29:48.751918077 CET	49716	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:29:49.072932959 CET	55140	49716	185.213.155.164	192.168.2.4
Mar 15, 2022 17:29:49.072994947 CET	49716	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:29:49.603389025 CET	55140	49716	185.213.155.164	192.168.2.4
Mar 15, 2022 17:29:49.603456974 CET	49716	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:29:50.421065092 CET	55140	49717	185.213.155.164	192.168.2.4
Mar 15, 2022 17:29:50.421158075 CET	49717	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:29:50.421787977 CET	49717	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:29:52.478851080 CET	55140	49717	185.213.155.164	192.168.2.4
Mar 15, 2022 17:29:55.091303110 CET	49717	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:29:55.275121927 CET	49718	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:29:57.480567932 CET	55140	49718	185.213.155.164	192.168.2.4
Mar 15, 2022 17:29:57.480803013 CET	49718	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:29:57.617242098 CET	49718	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:29:59.541022062 CET	55140	49718	185.213.155.164	192.168.2.4
Mar 15, 2022 17:30:01.895699978 CET	49718	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:02.291810036 CET	49720	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:05.296325922 CET	49720	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:05.542222977 CET	55140	49720	185.213.155.164	192.168.2.4
Mar 15, 2022 17:30:05.542692900 CET	49720	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:05.567073107 CET	49720	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:07.655968904 CET	49720	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:08.619087934 CET	55140	49720	185.213.155.164	192.168.2.4
Mar 15, 2022 17:30:09.730654001 CET	49720	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:09.837738991 CET	49724	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:11.648669958 CET	55140	49720	185.213.155.164	192.168.2.4
Mar 15, 2022 17:30:11.648699999 CET	55140	49724	185.213.155.164	192.168.2.4
Mar 15, 2022 17:30:11.648757935 CET	49720	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:11.648817062 CET	49724	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:11.649313927 CET	49724	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:13.607971907 CET	55140	49724	185.213.155.164	192.168.2.4
Mar 15, 2022 17:30:17.303392887 CET	49724	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:17.397979975 CET	49725	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:20.406944990 CET	49725	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:22.732481003 CET	55140	49725	185.213.155.164	192.168.2.4
Mar 15, 2022 17:30:22.732647896 CET	49725	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:22.733364105 CET	49725	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:24.922913074 CET	49725	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:25.744445086 CET	55140	49725	185.213.155.164	192.168.2.4
Mar 15, 2022 17:30:25.744616985 CET	49725	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:26.790958881 CET	55140	49725	185.213.155.164	192.168.2.4
Mar 15, 2022 17:30:26.975837946 CET	49725	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:27.106713057 CET	49726	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:30.110883951 CET	49726	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:30.776854038 CET	55140	49725	185.213.155.164	192.168.2.4
Mar 15, 2022 17:30:30.777030945 CET	49725	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:32.792035103 CET	55140	49726	185.213.155.164	192.168.2.4
Mar 15, 2022 17:30:32.792162895 CET	49726	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:32.792685032 CET	49726	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:35.173840046 CET	49726	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:35.806693077 CET	55140	49726	185.213.155.164	192.168.2.4
Mar 15, 2022 17:30:35.806787968 CET	49726	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:37.022447109 CET	49726	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:37.147716045 CET	49727	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:37.900202036 CET	55140	49726	185.213.155.164	192.168.2.4
Mar 15, 2022 17:30:37.900335073 CET	49726	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:39.928751945 CET	55140	49726	185.213.155.164	192.168.2.4
Mar 15, 2022 17:30:39.928967953 CET	49726	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:40.142980099 CET	49727	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:41.017297983 CET	55140	49727	185.213.155.164	192.168.2.4
Mar 15, 2022 17:30:41.017512083 CET	49727	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:41.018551111 CET	49727	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:42.947130919 CET	55140	49727	185.213.155.164	192.168.2.4
Mar 15, 2022 17:30:45.062622070 CET	49727	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:45.146588087 CET	49728	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:45.925112963 CET	55140	49728	185.213.155.164	192.168.2.4
Mar 15, 2022 17:30:45.925244093 CET	49728	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:45.929311991 CET	49728	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:46.135063887 CET	55140	49728	185.213.155.164	192.168.2.4
Mar 15, 2022 17:30:47.964471102 CET	55140	49728	185.213.155.164	192.168.2.4
Mar 15, 2022 17:30:47.964504957 CET	55140	49728	185.213.155.164	192.168.2.4
Mar 15, 2022 17:30:47.964595079 CET	49728	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:48.049155951 CET	49728	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:48.224339962 CET	55140	49728	185.213.155.164	192.168.2.4
Mar 15, 2022 17:30:48.228251934 CET	49728	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:48.395653963 CET	55140	49728	185.213.155.164	192.168.2.4
Mar 15, 2022 17:30:48.400468111 CET	49728	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:48.564604998 CET	55140	49728	185.213.155.164	192.168.2.4
Mar 15, 2022 17:30:48.612555027 CET	49728	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:48.959301949 CET	49728	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:49.166119099 CET	55140	49728	185.213.155.164	192.168.2.4
Mar 15, 2022 17:30:49.166213989 CET	49728	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:49.384495974 CET	55140	49728	185.213.155.164	192.168.2.4
Mar 15, 2022 17:30:50.109846115 CET	49728	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:50.207765102 CET	49729	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:50.274012089 CET	55140	49728	185.213.155.164	192.168.2.4
Mar 15, 2022 17:30:50.371979952 CET	55140	49729	185.213.155.164	192.168.2.4
Mar 15, 2022 17:30:50.372081041 CET	49729	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:50.372709990 CET	49729	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:50.554661036 CET	55140	49729	185.213.155.164	192.168.2.4
Mar 15, 2022 17:30:50.556718111 CET	55140	49729	185.213.155.164	192.168.2.4
Mar 15, 2022 17:30:50.556808949 CET	49729	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:50.651679993 CET	49729	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:50.821619034 CET	55140	49729	185.213.155.164	192.168.2.4
Mar 15, 2022 17:30:50.822000980 CET	49729	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:50.824665070 CET	55140	49728	185.213.155.164	192.168.2.4
Mar 15, 2022 17:30:50.824784994 CET	49728	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:50.989041090 CET	55140	49729	185.213.155.164	192.168.2.4
Mar 15, 2022 17:30:51.039623022 CET	49729	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:51.205238104 CET	55140	49729	185.213.155.164	192.168.2.4
Mar 15, 2022 17:30:51.253259897 CET	49729	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:51.413330078 CET	49729	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:51.619523048 CET	55140	49729	185.213.155.164	192.168.2.4
Mar 15, 2022 17:30:52.685082912 CET	49729	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:52.901685953 CET	55140	49729	185.213.155.164	192.168.2.4
Mar 15, 2022 17:30:54.226741076 CET	49729	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:54.431456089 CET	55140	49729	185.213.155.164	192.168.2.4
Mar 15, 2022 17:30:54.431580067 CET	49729	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:54.651037931 CET	55140	49729	185.213.155.164	192.168.2.4
Mar 15, 2022 17:30:55.208252907 CET	49729	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:55.373048067 CET	55140	49729	185.213.155.164	192.168.2.4
Mar 15, 2022 17:30:55.629889011 CET	49730	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:55.794562101 CET	55140	49730	185.213.155.164	192.168.2.4
Mar 15, 2022 17:30:55.794708967 CET	49730	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:55.796083927 CET	49730	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:55.984698057 CET	55140	49730	185.213.155.164	192.168.2.4
Mar 15, 2022 17:30:55.984895945 CET	55140	49730	185.213.155.164	192.168.2.4
Mar 15, 2022 17:30:55.984947920 CET	49730	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:56.067434072 CET	49730	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:56.238097906 CET	55140	49730	185.213.155.164	192.168.2.4
Mar 15, 2022 17:30:56.238560915 CET	49730	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:56.447675943 CET	55140	49730	185.213.155.164	192.168.2.4
Mar 15, 2022 17:30:56.582040071 CET	55140	49730	185.213.155.164	192.168.2.4
Mar 15, 2022 17:30:56.722470999 CET	49730	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:56.825193882 CET	49730	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:56.931497097 CET	55140	49730	185.213.155.164	192.168.2.4
Mar 15, 2022 17:30:56.931581974 CET	49730	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:57.222517967 CET	49730	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:57.322036982 CET	55140	49730	185.213.155.164	192.168.2.4
Mar 15, 2022 17:30:57.322148085 CET	49730	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:57.628830910 CET	49730	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:58.011535883 CET	55140	49730	185.213.155.164	192.168.2.4
Mar 15, 2022 17:30:58.011596918 CET	55140	49730	185.213.155.164	192.168.2.4
Mar 15, 2022 17:30:58.011681080 CET	49730	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:58.228455067 CET	55140	49730	185.213.155.164	192.168.2.4
Mar 15, 2022 17:30:58.817065001 CET	49730	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:59.025922060 CET	55140	49730	185.213.155.164	192.168.2.4
Mar 15, 2022 17:30:59.026076078 CET	49730	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:30:59.243870974 CET	55140	49730	185.213.155.164	192.168.2.4
Mar 15, 2022 17:31:00.063388109 CET	49730	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:31:00.160728931 CET	49731	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:31:00.227916956 CET	55140	49730	185.213.155.164	192.168.2.4
Mar 15, 2022 17:31:00.325539112 CET	55140	49731	185.213.155.164	192.168.2.4
Mar 15, 2022 17:31:00.325670004 CET	49731	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:31:00.328268051 CET	49731	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:31:00.509243965 CET	55140	49731	185.213.155.164	192.168.2.4
Mar 15, 2022 17:31:00.509291887 CET	55140	49731	185.213.155.164	192.168.2.4
Mar 15, 2022 17:31:00.509427071 CET	49731	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:31:00.578028917 CET	49731	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:31:00.779397964 CET	55140	49731	185.213.155.164	192.168.2.4
Mar 15, 2022 17:31:00.779714108 CET	49731	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:31:00.839293957 CET	55140	49730	185.213.155.164	192.168.2.4
Mar 15, 2022 17:31:00.839478970 CET	49730	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:31:00.839823008 CET	55140	49729	185.213.155.164	192.168.2.4
Mar 15, 2022 17:31:00.840207100 CET	49729	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:31:00.947309971 CET	55140	49731	185.213.155.164	192.168.2.4
Mar 15, 2022 17:31:00.988477945 CET	49731	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:31:01.153337002 CET	55140	49731	185.213.155.164	192.168.2.4
Mar 15, 2022 17:31:01.207196951 CET	49731	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:31:01.350929976 CET	49731	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:31:01.556818962 CET	55140	49731	185.213.155.164	192.168.2.4
Mar 15, 2022 17:31:02.369441986 CET	49731	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:31:02.722978115 CET	49731	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:31:03.113831043 CET	49731	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:31:03.118786097 CET	55140	49731	185.213.155.164	192.168.2.4
Mar 15, 2022 17:31:03.348993063 CET	49731	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:31:03.721407890 CET	55140	49731	185.213.155.164	192.168.2.4
Mar 15, 2022 17:31:03.721436977 CET	55140	49731	185.213.155.164	192.168.2.4
Mar 15, 2022 17:31:03.775732040 CET	55140	49731	185.213.155.164	192.168.2.4
Mar 15, 2022 17:31:03.775814056 CET	49731	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:31:04.285595894 CET	49731	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:31:04.317456007 CET	49731	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:31:04.414824009 CET	49732	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:31:04.910665989 CET	49731	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:31:05.072235107 CET	55140	49731	185.213.155.164	192.168.2.4
Mar 15, 2022 17:31:05.692028999 CET	49731	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:31:06.848297119 CET	49731	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:31:07.098095894 CET	55140	49731	185.213.155.164	192.168.2.4
Mar 15, 2022 17:31:07.098149061 CET	55140	49731	185.213.155.164	192.168.2.4
Mar 15, 2022 17:31:07.098187923 CET	55140	49732	185.213.155.164	192.168.2.4
Mar 15, 2022 17:31:07.098320961 CET	49732	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:31:07.098356962 CET	55140	49731	185.213.155.164	192.168.2.4
Mar 15, 2022 17:31:07.099608898 CET	49732	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:31:07.602552891 CET	55140	49731	185.213.155.164	192.168.2.4
Mar 15, 2022 17:31:10.113193989 CET	55140	49732	185.213.155.164	192.168.2.4
Mar 15, 2022 17:31:10.113255978 CET	49732	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:31:10.129929066 CET	55140	49731	185.213.155.164	192.168.2.4
Mar 15, 2022 17:31:10.175204039 CET	55140	49732	185.213.155.164	192.168.2.4
Mar 15, 2022 17:31:10.849555016 CET	55140	49731	185.213.155.164	192.168.2.4
Mar 15, 2022 17:31:10.849713087 CET	49731	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:31:11.221935034 CET	55140	49731	185.213.155.164	192.168.2.4
Mar 15, 2022 17:31:11.222063065 CET	49731	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:31:11.628448963 CET	55140	49731	185.213.155.164	192.168.2.4
Mar 15, 2022 17:31:11.628587961 CET	49731	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:31:12.362746000 CET	55140	49731	185.213.155.164	192.168.2.4
Mar 15, 2022 17:31:12.362915039 CET	49731	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:31:13.815999031 CET	55140	49731	185.213.155.164	192.168.2.4
Mar 15, 2022 17:31:13.816191912 CET	49731	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:31:13.842490911 CET	49732	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:31:13.966845036 CET	49733	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:31:16.973707914 CET	49733	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:31:20.286931038 CET	55140	49733	185.213.155.164	192.168.2.4
Mar 15, 2022 17:31:20.287075043 CET	49733	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:31:20.291954041 CET	49733	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:31:22.193311930 CET	49733	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:31:23.300234079 CET	55140	49733	185.213.155.164	192.168.2.4
Mar 15, 2022 17:31:23.300344944 CET	49733	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:31:24.118972063 CET	49733	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:31:24.650398016 CET	49734	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:31:27.331043005 CET	55140	49733	185.213.155.164	192.168.2.4
Mar 15, 2022 17:31:27.331157923 CET	49733	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:31:27.662575960 CET	49734	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:31:29.316426039 CET	55140	49733	185.213.155.164	192.168.2.4
Mar 15, 2022 17:31:29.316530943 CET	49733	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:31:29.323065042 CET	55140	49734	185.213.155.164	192.168.2.4
Mar 15, 2022 17:31:29.324018955 CET	49734	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:31:29.324502945 CET	49734	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:31:31.240967989 CET	49734	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:31:32.332092047 CET	55140	49734	185.213.155.164	192.168.2.4
Mar 15, 2022 17:31:32.333008051 CET	49734	55140	192.168.2.4	185.213.155.164
Mar 15, 2022 17:31:34.396266937 CET	55140	49734	185.213.155.164	192.168.2.4
Mar 15, 2022 17:31:37.380606890 CET	55140	49734	185.213.155.164	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 15, 2022 17:29:33.651638985 CET	62099	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:33.760276079 CET	53	62099	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:33.782334089 CET	53775	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:33.890690088 CET	53	53775	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:34.036942959 CET	54800	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:34.146040916 CET	53	54800	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:34.308057070 CET	64454	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:34.326905012 CET	53	64454	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:34.442190886 CET	60506	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:34.549693108 CET	53	60506	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:34.687438011 CET	64277	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:34.706393003 CET	53	64277	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:34.814285040 CET	56076	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:34.921637058 CET	53	56076	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:35.338607073 CET	60758	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:35.357336044 CET	53	60758	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:35.524545908 CET	60647	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:35.634143114 CET	53	60647	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:35.774442911 CET	64909	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:35.881172895 CET	53	64909	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:36.006824970 CET	60381	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:36.025619984 CET	53	60381	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:36.933866978 CET	56509	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:36.952472925 CET	53	56509	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:37.064917088 CET	54069	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:37.083872080 CET	53	54069	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:37.287226915 CET	57747	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:37.306549072 CET	53	57747	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:37.445935965 CET	58171	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:37.465749025 CET	53	58171	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:39.018778086 CET	57594	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:39.039035082 CET	53	57594	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:39.225986958 CET	60512	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:39.247200966 CET	53	60512	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:39.426934004 CET	61361	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:39.444010973 CET	53	61361	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:39.564747095 CET	50445	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:39.583849907 CET	53	50445	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:39.752434969 CET	51679	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:39.771110058 CET	53	51679	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:39.880841017 CET	52472	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:39.899733067 CET	53	52472	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:40.085488081 CET	62354	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:40.111679077 CET	53	62354	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:40.221793890 CET	50061	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:40.240329981 CET	53	50061	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:40.445584059 CET	60612	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:40.557349920 CET	53	60612	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:40.675976992 CET	58816	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:40.692433119 CET	53	58816	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:40.833786011 CET	56437	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:40.855489969 CET	53	56437	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:40.970649958 CET	64825	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:40.989217043 CET	53	64825	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:41.121135950 CET	53989	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:41.139244080 CET	53	53989	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:41.260839939 CET	63431	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:41.279700994 CET	53	63431	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:41.412688971 CET	56901	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:41.431776047 CET	53	56901	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:41.548872948 CET	50800	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:41.565788984 CET	53	50800	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:41.725845098 CET	52256	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:41.745071888 CET	53	52256	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:41.863840103 CET	61081	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:41.880951881 CET	53	61081	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:42.031074047 CET	63712	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:42.049738884 CET	53	63712	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:42.160312891 CET	64316	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:42.177319050 CET	53	64316	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:42.307542086 CET	50778	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:42.323925972 CET	53	50778	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:42.450249910 CET	61486	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:42.466800928 CET	53	61486	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:42.802218914 CET	61497	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:42.820755959 CET	53	61497	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:42.949054956 CET	57890	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:42.967655897 CET	53	57890	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:43.146797895 CET	55142	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:43.167829037 CET	53	55142	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:43.282538891 CET	55271	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:43.299453020 CET	53	55271	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:43.426948071 CET	64948	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:43.443061113 CET	53	64948	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:43.566771030 CET	60418	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:43.585890055 CET	53	60418	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:43.729366064 CET	64259	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:43.750031948 CET	53	64259	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:43.876286030 CET	61068	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:43.895330906 CET	53	61068	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:44.020605087 CET	58715	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:44.039827108 CET	53	58715	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:44.161935091 CET	57816	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:44.179991007 CET	53	57816	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:44.330892086 CET	51787	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:44.348366022 CET	53	51787	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:44.470763922 CET	53916	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:44.490300894 CET	53	53916	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:44.616122961 CET	60790	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:44.637110949 CET	53	60790	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:44.763029099 CET	62708	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:44.779727936 CET	53	62708	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:44.912642002 CET	60946	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:44.933744907 CET	53	60946	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:45.087533951 CET	53483	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:45.107484102 CET	53	53483	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:45.246918917 CET	61780	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:45.265202999 CET	53	61780	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:45.390173912 CET	57567	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:45.409183979 CET	53	57567	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:45.553154945 CET	50661	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:45.572304964 CET	53	50661	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:45.703840971 CET	51110	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:45.724627018 CET	53	51110	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:45.866297960 CET	55179	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:45.888439894 CET	53	55179	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:46.002796888 CET	59510	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:46.021044016 CET	53	59510	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:46.207511902 CET	49320	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:46.225924969 CET	53	49320	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:46.348690987 CET	58863	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:46.365500927 CET	53	58863	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:46.514894009 CET	65287	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:46.533639908 CET	53	65287	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:46.643882990 CET	57020	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:46.662447929 CET	53	57020	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:46.793755054 CET	55125	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:46.811825991 CET	53	55125	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:46.946621895 CET	49870	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:46.963313103 CET	53	49870	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:47.097793102 CET	53480	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:47.116580963 CET	53	53480	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:47.665499926 CET	64945	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:47.683182001 CET	53	64945	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:47.842685938 CET	57992	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:47.861162901 CET	53	57992	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:48.048691988 CET	55664	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:48.067550898 CET	53	55664	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:48.407855988 CET	55479	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:48.426589966 CET	53	55479	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:48.562633991 CET	51679	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:48.579442024 CET	53	51679	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:48.692071915 CET	50121	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:48.709938049 CET	53	50121	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:48.854378939 CET	61030	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:48.872443914 CET	53	61030	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:48.988951921 CET	62468	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:49.007533073 CET	53	62468	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:49.163216114 CET	50737	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:49.179680109 CET	53	50737	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:49.299058914 CET	53970	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:49.317950964 CET	53	53970	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:49.450334072 CET	65168	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:49.467946053 CET	53	65168	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:49.595264912 CET	61849	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:49.613773108 CET	53	61849	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:49.746340036 CET	62643	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:49.765499115 CET	53	62643	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:49.912581921 CET	61888	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:49.933196068 CET	53	61888	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:50.066701889 CET	61499	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:50.085282087 CET	53	61499	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:50.206687927 CET	63356	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:50.225434065 CET	53	63356	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:50.395627975 CET	57376	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:50.416547060 CET	53	57376	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:50.536062956 CET	63429	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:50.552664995 CET	53	63429	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:50.704197884 CET	65489	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:50.723253012 CET	53	65489	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:50.831475973 CET	51239	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:50.849601984 CET	53	51239	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:50.983534098 CET	52656	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:50.999639988 CET	53	52656	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:51.125281096 CET	61135	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:51.143691063 CET	53	61135	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:51.275546074 CET	51417	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:51.292397022 CET	53	51417	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:51.409516096 CET	57020	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:51.428209066 CET	53	57020	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:51.585731983 CET	55659	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:51.608129025 CET	53	55659	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:51.723298073 CET	49579	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:51.741764069 CET	53	49579	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:51.911819935 CET	60445	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:51.928289890 CET	53	60445	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:52.034564972 CET	54813	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:52.053303957 CET	53	54813	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:52.199404001 CET	56520	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:52.218220949 CET	53	56520	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:52.331839085 CET	60233	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:52.352193117 CET	53	60233	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:52.495857954 CET	49890	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:52.517158031 CET	53	49890	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:52.627574921 CET	57838	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:52.643743038 CET	53	57838	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:52.775043011 CET	54661	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:52.795270920 CET	53	54661	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:52.910355091 CET	62646	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:52.929344893 CET	53	62646	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:53.071032047 CET	55569	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:53.087909937 CET	53	55569	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:53.210494995 CET	61114	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:53.229262114 CET	53	61114	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:53.381023884 CET	51398	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:53.399960041 CET	53	51398	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:53.559582949 CET	61902	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:53.576560020 CET	53	61902	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:53.713874102 CET	58165	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:53.732767105 CET	53	58165	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:53.864017010 CET	54299	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:53.881146908 CET	53	54299	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:54.003976107 CET	65359	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:54.022995949 CET	53	65359	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:54.145911932 CET	63725	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:54.164764881 CET	53	63725	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:54.317665100 CET	57864	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:54.335916996 CET	53	57864	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:55.107808113 CET	55006	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:55.124010086 CET	53	55006	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:55.273215055 CET	49839	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:55.291604996 CET	53	49839	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:56.012020111 CET	51560	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:56.029058933 CET	53	51560	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:56.196851015 CET	51478	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:56.213742018 CET	53	51478	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:56.411803007 CET	58098	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:56.430938959 CET	53	58098	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:56.609795094 CET	61269	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:56.626565933 CET	53	61269	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:57.945661068 CET	65060	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:57.965049028 CET	53	65060	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:58.081093073 CET	51728	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:58.099390984 CET	53	51728	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:58.233095884 CET	50780	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:58.251347065 CET	53	50780	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:58.364228010 CET	56416	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:58.381542921 CET	53	56416	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:58.505773067 CET	57546	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:58.522675037 CET	53	57546	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:58.650726080 CET	62764	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:58.675678015 CET	53	62764	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:58.809467077 CET	51082	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:58.828243971 CET	53	51082	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:58.946322918 CET	64135	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:58.964571953 CET	53	64135	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:59.140347004 CET	51285	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:59.159034967 CET	53	51285	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:59.275249004 CET	63648	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:59.292448044 CET	53	63648	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:59.426568985 CET	51469	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:59.444762945 CET	53	51469	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:59.553066015 CET	53919	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:59.569571972 CET	53	53919	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:59.704276085 CET	63863	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:59.721537113 CET	53	63863	8.8.8.8	192.168.2.4
Mar 15, 2022 17:29:59.854422092 CET	57316	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:29:59.873231888 CET	53	57316	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:00.006253958 CET	62948	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:00.022809029 CET	53	62948	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:00.146050930 CET	49643	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:00.164640903 CET	53	49643	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:00.310219049 CET	62225	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:00.327310085 CET	53	62225	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:00.440006018 CET	63555	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:00.456914902 CET	53	63555	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:00.577496052 CET	51863	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:00.596313000 CET	53	51863	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:00.710226059 CET	51672	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:00.728971958 CET	53	51672	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:00.872464895 CET	49779	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:00.890610933 CET	53	49779	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:01.012402058 CET	64925	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:01.029273033 CET	53	64925	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:01.197683096 CET	57347	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:01.214709997 CET	53	57347	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:01.334614992 CET	49656	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:01.350847006 CET	53	49656	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:01.474240065 CET	62739	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:01.492535114 CET	53	62739	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:01.915460110 CET	61457	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:01.934509039 CET	53	61457	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:02.295149088 CET	59845	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:02.314338923 CET	53	59845	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:02.436872005 CET	64236	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:02.455672979 CET	53	64236	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:02.568661928 CET	64044	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:02.586395979 CET	53	64044	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:02.725176096 CET	57361	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:02.743869066 CET	53	57361	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:02.864592075 CET	63284	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:02.881593943 CET	53	63284	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:02.997827053 CET	50715	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:03.016602993 CET	53	50715	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:03.136799097 CET	53990	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:03.153498888 CET	53	53990	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:03.282243967 CET	50687	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:03.299031019 CET	53	50687	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:03.410279989 CET	63481	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:03.428560972 CET	53	63481	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:03.554605961 CET	58397	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:03.573165894 CET	53	58397	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:03.691234112 CET	57524	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:03.709990025 CET	53	57524	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:03.829689026 CET	57930	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:03.848809004 CET	53	57930	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:03.957626104 CET	56576	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:03.975824118 CET	53	56576	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:04.095819950 CET	62484	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:04.115051985 CET	53	62484	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:04.238218069 CET	63349	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:04.255137920 CET	53	63349	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:04.385884047 CET	65080	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:04.404195070 CET	53	65080	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:04.520855904 CET	64784	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:04.537368059 CET	53	64784	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:04.661712885 CET	60090	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:04.680016041 CET	53	60090	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:04.801541090 CET	49623	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:04.826606035 CET	53	49623	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:04.954217911 CET	52489	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:04.973257065 CET	53	52489	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:05.115528107 CET	57496	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:05.131773949 CET	53	57496	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:05.253618956 CET	57686	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:05.270051003 CET	53	57686	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:05.379765987 CET	54335	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:05.398745060 CET	53	54335	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:05.577074051 CET	62936	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:05.593168974 CET	53	62936	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:05.714787960 CET	60424	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:05.731939077 CET	53	60424	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:05.859862089 CET	57873	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:05.877988100 CET	53	57873	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:05.989939928 CET	49456	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:06.006896973 CET	53	49456	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:06.121064901 CET	60471	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:06.138079882 CET	53	60471	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:06.256340981 CET	51367	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:06.274414062 CET	53	51367	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:06.402478933 CET	50465	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:06.420639038 CET	53	50465	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:06.534750938 CET	56207	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:06.552870989 CET	53	56207	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:06.666974068 CET	64868	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:06.685159922 CET	53	64868	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:06.802668095 CET	58489	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:06.821084023 CET	53	58489	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:06.950282097 CET	59153	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:06.968533039 CET	53	59153	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:07.084326029 CET	54777	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:07.100446939 CET	53	54777	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:07.214123964 CET	61070	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:07.232486010 CET	53	61070	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:07.350936890 CET	61233	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:07.370012999 CET	53	61233	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:07.501993895 CET	64794	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:07.520174026 CET	53	64794	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:07.650193930 CET	51622	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:07.666697025 CET	53	51622	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:07.801393032 CET	59177	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:07.819798946 CET	53	59177	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:07.929039001 CET	51658	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:07.947582006 CET	53	51658	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:08.088022947 CET	57276	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:08.104408026 CET	53	57276	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:08.222482920 CET	64415	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:08.240585089 CET	53	64415	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:08.358202934 CET	63403	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:08.378551006 CET	53	63403	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:08.489211082 CET	53668	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:08.506350994 CET	53	53668	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:08.661854029 CET	54411	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:08.680377007 CET	53	54411	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:08.802959919 CET	50269	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:08.821408987 CET	53	50269	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:08.966248989 CET	58948	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:08.988440037 CET	53	58948	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:09.097151041 CET	57339	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:09.113672018 CET	53	57339	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:09.234133959 CET	53466	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:09.252300978 CET	53	53466	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:09.364855051 CET	62771	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:09.383039951 CET	53	62771	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:09.735347986 CET	52045	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:09.753591061 CET	53	52045	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:09.864227057 CET	49771	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:09.883198977 CET	53	49771	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:10.021378040 CET	49373	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:10.040194988 CET	53	49373	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:10.161458969 CET	63860	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:10.180450916 CET	53	63860	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:10.310187101 CET	60442	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:10.328402996 CET	53	60442	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:10.446655035 CET	57631	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:10.465616941 CET	53	57631	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:10.591315031 CET	64554	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:10.608251095 CET	53	64554	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:10.723402023 CET	49245	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:10.743135929 CET	53	49245	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:10.878840923 CET	61376	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:10.897877932 CET	53	61376	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:11.010371923 CET	53297	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:11.027151108 CET	53	53297	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:11.154040098 CET	61754	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:11.175606966 CET	53	61754	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:11.285185099 CET	61305	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:11.303282022 CET	53	61305	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:11.428039074 CET	60454	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:11.446461916 CET	53	60454	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:11.571764946 CET	62669	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:11.590050936 CET	53	62669	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:11.715029955 CET	55037	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:11.731539011 CET	53	55037	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:11.848705053 CET	57668	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:11.865102053 CET	53	57668	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:11.990005970 CET	60596	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:12.008852959 CET	53	60596	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:12.128552914 CET	59166	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:12.146754980 CET	53	59166	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:12.266128063 CET	56929	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:12.283169031 CET	53	56929	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:12.423871994 CET	63032	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:12.441983938 CET	53	63032	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:12.562458992 CET	51104	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:12.580715895 CET	53	51104	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:12.699862957 CET	61392	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:12.716562986 CET	53	61392	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:12.844791889 CET	57202	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:12.863082886 CET	53	57202	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:12.977629900 CET	57325	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:12.996323109 CET	53	57325	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:13.151398897 CET	52279	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:13.170902014 CET	53	52279	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:13.286395073 CET	54774	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:13.304702997 CET	53	54774	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:13.607832909 CET	50831	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:13.626056910 CET	53	50831	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:13.764065027 CET	52329	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:13.782706976 CET	53	52329	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:13.911448956 CET	57640	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:13.929697037 CET	53	57640	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:14.082242966 CET	54573	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:14.101126909 CET	53	54573	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:14.215297937 CET	55411	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:14.233875036 CET	53	55411	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:14.964453936 CET	54560	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:14.983457088 CET	53	54560	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:15.148077011 CET	49448	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:15.166443110 CET	53	49448	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:15.291008949 CET	52843	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:15.307991028 CET	53	52843	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:15.504200935 CET	54213	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:15.522810936 CET	53	54213	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:16.708666086 CET	55516	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:16.724888086 CET	53	55516	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:16.910562038 CET	54342	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:16.929416895 CET	53	54342	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:17.322467089 CET	52895	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:17.341285944 CET	53	52895	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:17.473882914 CET	60351	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:17.492711067 CET	53	60351	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:17.610786915 CET	62248	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:17.631035089 CET	53	62248	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:17.741560936 CET	60843	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:17.760217905 CET	53	60843	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:17.887931108 CET	55540	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:17.904742002 CET	53	55540	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:18.021917105 CET	64970	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:18.040107965 CET	53	64970	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:18.157288074 CET	50377	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:18.175719023 CET	53	50377	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:18.290465117 CET	64097	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:18.306953907 CET	53	64097	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:18.457138062 CET	65403	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:18.476408958 CET	53	65403	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:18.586110115 CET	53289	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:18.603069067 CET	53	53289	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:18.734179020 CET	57068	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:18.752887964 CET	53	57068	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:18.869609118 CET	54032	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:18.888405085 CET	53	54032	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:19.014183998 CET	52883	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:19.030623913 CET	53	52883	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:19.186492920 CET	50990	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:19.203591108 CET	53	50990	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:19.334533930 CET	63848	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:19.351428986 CET	53	63848	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:19.460397959 CET	58338	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:19.482044935 CET	53	58338	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:19.616976976 CET	53895	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:19.633507967 CET	53	53895	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:19.741431952 CET	55640	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:19.758385897 CET	53	55640	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:19.877708912 CET	63628	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:19.896960020 CET	53	63628	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:20.022480011 CET	60247	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:20.040760994 CET	53	60247	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:20.185033083 CET	55167	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:20.202105045 CET	53	55167	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:20.320967913 CET	65324	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:20.339260101 CET	53	65324	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:20.470937967 CET	54693	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:20.488132954 CET	53	54693	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:20.599291086 CET	52541	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:20.616149902 CET	53	52541	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:20.734239101 CET	55407	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:20.752695084 CET	53	55407	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:20.882550001 CET	62253	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:20.899079084 CET	53	62253	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:21.023194075 CET	62156	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:21.042318106 CET	53	62156	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:21.161847115 CET	58010	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:21.178360939 CET	53	58010	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:21.296926022 CET	51795	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:21.313546896 CET	53	51795	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:21.457442999 CET	63140	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:21.473917007 CET	53	63140	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:21.596080065 CET	60963	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:21.617309093 CET	53	60963	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:21.739670038 CET	50348	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:21.756213903 CET	53	50348	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:21.891079903 CET	51923	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:21.909617901 CET	53	51923	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:22.022370100 CET	51281	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:22.040858984 CET	53	51281	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:22.191353083 CET	52641	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:22.207859039 CET	53	52641	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:22.318320990 CET	57884	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:22.338732958 CET	53	57884	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:22.472471952 CET	54417	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:22.495110035 CET	53	54417	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:22.629209995 CET	63611	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:22.647739887 CET	53	63611	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:22.762352943 CET	50455	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:22.780802965 CET	53	50455	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:22.897645950 CET	53023	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:22.916409969 CET	53	53023	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:23.052658081 CET	51912	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:23.071885109 CET	53	51912	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:23.195889950 CET	57666	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:23.214936018 CET	53	57666	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:23.344840050 CET	64057	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:23.363605976 CET	53	64057	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:23.479089975 CET	53867	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:23.495484114 CET	53	53867	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:23.656387091 CET	65020	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:23.675426960 CET	53	65020	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:23.787579060 CET	61827	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:23.805543900 CET	53	61827	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:23.942440033 CET	52370	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:23.960712910 CET	53	52370	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:24.068523884 CET	58975	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:24.086658955 CET	53	58975	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:24.211225986 CET	63000	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:24.229386091 CET	53	63000	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:24.348850012 CET	65165	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:24.367247105 CET	53	65165	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:24.499689102 CET	59621	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:24.517924070 CET	53	59621	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:24.630785942 CET	50324	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:24.647181988 CET	53	50324	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:24.763544083 CET	50589	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:24.780109882 CET	53	50589	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:24.897547007 CET	63107	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:24.914072037 CET	53	63107	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:25.041237116 CET	56488	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:25.057841063 CET	53	56488	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:25.177795887 CET	54720	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:25.194220066 CET	53	54720	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:25.312330008 CET	61684	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:25.337059021 CET	53	61684	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:25.444261074 CET	52958	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:25.460946083 CET	53	52958	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:25.608936071 CET	63058	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:25.627626896 CET	53	63058	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:25.741878986 CET	64602	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:25.760214090 CET	53	64602	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:25.890604019 CET	62042	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:25.907253027 CET	53	62042	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:26.023509979 CET	53357	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:26.042213917 CET	53	53357	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:26.177737951 CET	59637	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:26.195887089 CET	53	59637	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:26.303227901 CET	53847	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:26.322693110 CET	53	53847	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:26.473086119 CET	49601	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:26.491316080 CET	53	49601	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:27.020157099 CET	53510	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:27.038790941 CET	53	53510	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:27.163508892 CET	59239	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:27.182220936 CET	53	59239	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:27.316168070 CET	50397	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:27.336577892 CET	53	50397	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:27.463176966 CET	52067	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:27.481342077 CET	53	52067	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:27.614440918 CET	49591	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:27.631014109 CET	53	49591	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:27.777259111 CET	60973	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:27.795586109 CET	53	60973	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:27.924437046 CET	54129	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:27.943001032 CET	53	54129	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:28.053205967 CET	49872	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:28.071975946 CET	53	49872	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:28.217780113 CET	49339	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:28.236367941 CET	53	49339	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:28.350714922 CET	58037	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:28.367192984 CET	53	58037	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:28.486816883 CET	60229	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:28.505263090 CET	53	60229	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:28.625526905 CET	53082	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:28.643764019 CET	53	53082	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:28.766530037 CET	49619	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:28.783031940 CET	53	49619	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:28.897313118 CET	64540	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:28.919316053 CET	53	64540	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:29.044754028 CET	55741	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:29.061259985 CET	53	55741	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:29.178229094 CET	61674	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:29.196772099 CET	53	61674	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:29.313102961 CET	58558	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:29.330326080 CET	53	58558	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:29.443902969 CET	56689	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:29.462021112 CET	53	56689	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:29.580842972 CET	50779	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:29.599013090 CET	53	50779	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:29.709959030 CET	63045	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:29.728177071 CET	53	63045	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:29.884057045 CET	64397	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:29.902156115 CET	53	64397	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:30.021053076 CET	64352	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:30.039398909 CET	53	64352	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:30.188235044 CET	49392	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:30.204462051 CET	53	49392	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:30.318767071 CET	50155	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:30.335052013 CET	53	50155	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:30.454351902 CET	56346	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:30.472304106 CET	53	56346	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:30.585310936 CET	53268	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:30.605082989 CET	53	53268	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:30.735188961 CET	51641	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:30.751559973 CET	53	51641	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:30.868954897 CET	63530	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:30.887574911 CET	53	63530	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:31.012927055 CET	56236	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:31.029407978 CET	53	56236	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:31.148077011 CET	49909	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:31.164482117 CET	53	49909	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:31.277738094 CET	57830	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:31.296340942 CET	53	57830	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:31.415985107 CET	58929	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:31.434876919 CET	53	58929	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:31.568466902 CET	61759	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:31.586222887 CET	53	61759	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:31.710071087 CET	51721	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:31.727612019 CET	53	51721	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:31.841562033 CET	63464	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:31.860349894 CET	53	63464	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:31.979398012 CET	50043	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:31.998081923 CET	53	50043	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:32.170231104 CET	64960	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:32.189152002 CET	53	64960	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:32.514039993 CET	57989	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:32.532346964 CET	53	57989	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:32.654026985 CET	64353	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:32.672714949 CET	53	64353	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:32.793366909 CET	50189	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:32.809459925 CET	53	50189	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:32.974526882 CET	54582	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:32.992866993 CET	53	54582	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:33.100234985 CET	54114	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:33.118432999 CET	53	54114	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:33.694735050 CET	49724	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:33.713342905 CET	53	49724	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:33.836074114 CET	61475	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:33.855038881 CET	53	61475	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:34.023530960 CET	64650	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:34.044529915 CET	53	64650	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:34.164427042 CET	59227	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:34.271450043 CET	53	59227	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:35.523993015 CET	50505	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:35.630825996 CET	53	50505	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:35.760853052 CET	50957	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:35.779808044 CET	53	50957	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:35.905962944 CET	59033	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:36.014369011 CET	53	59033	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:36.133512020 CET	54297	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:36.150413036 CET	53	54297	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:36.292227030 CET	51382	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:36.399511099 CET	53	51382	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:36.514152050 CET	50762	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:36.530852079 CET	53	50762	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:36.658139944 CET	57890	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:36.766781092 CET	53	57890	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:36.883445024 CET	58533	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:36.902215004 CET	53	58533	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:37.058768034 CET	62607	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:37.167648077 CET	53	62607	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:37.289378881 CET	54383	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:37.308546066 CET	53	54383	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:37.477715015 CET	64357	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:37.496300936 CET	53	64357	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:37.615148067 CET	52117	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:37.633675098 CET	53	52117	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:37.977355003 CET	63071	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:37.996308088 CET	53	63071	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:38.119564056 CET	65151	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:38.135931969 CET	53	65151	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:38.269020081 CET	54362	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:38.288059950 CET	53	54362	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:38.399296045 CET	55046	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:38.417836905 CET	53	55046	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:38.554614067 CET	61722	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:38.573399067 CET	53	61722	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:38.702646017 CET	58428	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:38.811264992 CET	53	58428	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:38.939331055 CET	51391	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:38.957926989 CET	53	51391	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:39.073067904 CET	63877	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:39.090362072 CET	53	63877	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:39.219193935 CET	56046	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:39.237366915 CET	53	56046	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:39.358838081 CET	51340	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:39.377111912 CET	53	51340	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:39.507514954 CET	56136	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:39.523741961 CET	53	56136	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:39.631678104 CET	59570	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:39.648911953 CET	53	59570	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:39.817605019 CET	56999	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:39.834811926 CET	53	56999	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:39.943988085 CET	54701	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:39.964608908 CET	53	54701	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:40.098949909 CET	52285	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:40.115458012 CET	53	52285	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:40.224562883 CET	54844	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:40.243098021 CET	53	54844	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:40.361531973 CET	50954	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:40.472908020 CET	53	50954	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:40.585269928 CET	62213	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:40.604947090 CET	53	62213	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:40.740140915 CET	50421	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:40.757191896 CET	53	50421	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:40.879631996 CET	59601	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:40.896919012 CET	53	59601	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:41.019666910 CET	54012	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:41.036262989 CET	53	54012	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:41.149893045 CET	64748	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:41.168570995 CET	53	64748	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:41.300189018 CET	55508	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:41.321962118 CET	53	55508	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:41.444860935 CET	51027	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:41.463291883 CET	53	51027	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:41.578610897 CET	52553	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:41.597496986 CET	53	52553	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:41.709177017 CET	55426	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:41.728035927 CET	53	55426	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:41.885175943 CET	56206	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:41.904182911 CET	53	56206	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:42.026546001 CET	52430	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:42.045459032 CET	53	52430	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:42.187020063 CET	56591	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:42.206296921 CET	53	56591	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:42.319756031 CET	56884	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:42.336863041 CET	53	56884	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:42.453052998 CET	54987	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:42.471606970 CET	53	54987	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:42.606350899 CET	63729	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:42.623369932 CET	53	63729	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:42.754101992 CET	52967	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:42.771013975 CET	53	52967	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:42.883829117 CET	62262	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:42.902998924 CET	53	62262	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:43.037991047 CET	63959	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:43.056319952 CET	53	63959	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:43.186067104 CET	49527	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:43.205044985 CET	53	49527	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:43.335752010 CET	49264	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:43.354501009 CET	53	49264	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:43.462250948 CET	57349	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:43.479001999 CET	53	57349	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:43.616795063 CET	54138	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:43.637419939 CET	53	54138	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:43.756191015 CET	50741	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:43.773225069 CET	53	50741	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:43.889153957 CET	55830	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:43.906073093 CET	53	55830	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:44.041851997 CET	52841	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:44.060481071 CET	53	52841	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:44.188096046 CET	60719	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:44.206938982 CET	53	60719	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:44.333560944 CET	52856	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:44.350548029 CET	53	52856	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:44.470452070 CET	64684	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:44.489320040 CET	53	64684	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:44.600692034 CET	58290	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:44.619196892 CET	53	58290	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:44.736352921 CET	51011	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:44.755786896 CET	53	51011	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:45.067908049 CET	58779	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:45.087059975 CET	53	58779	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:45.201831102 CET	54455	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:45.220207930 CET	53	54455	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:45.334114075 CET	49597	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:45.353867054 CET	53	49597	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:45.472543001 CET	60953	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:45.492969036 CET	53	60953	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:45.602211952 CET	57000	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:45.621145010 CET	53	57000	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:45.757148981 CET	64421	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:45.776271105 CET	53	64421	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:45.900701046 CET	64147	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:45.919970036 CET	53	64147	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:46.045859098 CET	49251	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:46.062537909 CET	53	49251	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:46.181823969 CET	62996	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:46.202421904 CET	53	62996	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:46.329102993 CET	65090	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:46.347420931 CET	53	65090	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:46.461213112 CET	63066	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:46.479461908 CET	53	63066	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:46.602612019 CET	63652	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:46.621872902 CET	53	63652	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:46.746203899 CET	55676	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:46.764950991 CET	53	55676	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:46.894644022 CET	57163	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:46.912988901 CET	53	57163	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:47.022738934 CET	50513	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:47.039863110 CET	53	50513	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:47.189642906 CET	58963	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:47.208169937 CET	53	58963	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:47.334774971 CET	57650	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:47.353674889 CET	53	57650	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:47.468636036 CET	58472	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:47.487025976 CET	53	58472	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:47.601768017 CET	62733	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:47.618891001 CET	53	62733	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:47.738461971 CET	63724	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:47.756968021 CET	53	63724	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:47.866648912 CET	54148	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:47.885518074 CET	53	54148	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:48.031384945 CET	51436	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:48.050054073 CET	53	51436	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:48.164207935 CET	63006	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:48.182291985 CET	53	63006	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:48.299415112 CET	64632	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:48.318531036 CET	53	64632	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:48.433839083 CET	56213	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:48.452637911 CET	53	56213	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:48.580708027 CET	50822	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:48.599626064 CET	53	50822	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:48.711317062 CET	52094	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:48.729948997 CET	53	52094	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:48.884083033 CET	53076	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:48.902844906 CET	53	53076	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:49.024115086 CET	62988	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:49.042249918 CET	53	62988	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:49.171581984 CET	49375	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:49.188076019 CET	53	49375	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:49.306333065 CET	57390	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:49.323075056 CET	53	57390	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:49.436430931 CET	52477	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:49.455518961 CET	53	52477	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:49.575057030 CET	55969	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:49.594281912 CET	53	55969	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:49.727051973 CET	63064	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:49.744049072 CET	53	63064	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:50.118067026 CET	63274	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:50.136446953 CET	53	63274	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:50.245881081 CET	54228	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:50.264385939 CET	53	54228	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:50.394881010 CET	50833	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:50.413714886 CET	53	50833	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:50.523864031 CET	60374	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:50.541685104 CET	53	60374	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:50.656142950 CET	63365	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:50.674716949 CET	53	63365	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:50.792851925 CET	65364	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:50.811916113 CET	53	65364	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:50.977835894 CET	52765	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:50.994733095 CET	53	52765	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:51.148772001 CET	52230	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:51.169224977 CET	53	52230	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:51.373425007 CET	62183	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:51.389938116 CET	53	62183	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:51.506841898 CET	63969	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:51.523274899 CET	53	63969	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:51.638927937 CET	50579	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:51.656466007 CET	53	50579	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:51.814203978 CET	60278	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:51.833012104 CET	53	60278	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:51.951390982 CET	54060	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:51.970714092 CET	53	54060	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:52.089488029 CET	50060	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:52.108716011 CET	53	50060	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:52.642560005 CET	65484	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:52.664807081 CET	53	65484	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:52.805461884 CET	55962	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:52.824918032 CET	53	55962	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:52.955360889 CET	55182	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:52.974417925 CET	53	55182	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:53.144612074 CET	56958	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:53.165549994 CET	53	56958	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:54.226320982 CET	53211	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:54.244474888 CET	53	53211	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:54.352541924 CET	62970	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:54.369203091 CET	53	62970	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:54.538754940 CET	60946	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:54.557360888 CET	53	60946	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:54.664982080 CET	55439	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:54.684055090 CET	53	55439	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:54.795047998 CET	59773	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:54.812292099 CET	53	59773	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:54.929518938 CET	60703	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:54.948630095 CET	53	60703	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:55.081293106 CET	58515	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:55.101263046 CET	53	58515	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:55.517354012 CET	60476	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:55.534271002 CET	53	60476	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:55.653202057 CET	57252	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:55.672504902 CET	53	57252	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:55.809298038 CET	55096	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:55.826105118 CET	53	55096	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:55.946569920 CET	52441	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:55.963299036 CET	53	52441	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:56.101111889 CET	62956	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:56.119362116 CET	53	62956	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:56.232601881 CET	57653	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:56.250804901 CET	53	57653	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:56.381643057 CET	59084	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:56.397926092 CET	53	59084	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:56.508697033 CET	55640	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:56.524985075 CET	53	55640	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:56.639018059 CET	59714	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:56.659451008 CET	53	59714	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:56.779274940 CET	58142	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:56.796314001 CET	53	58142	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:56.922188044 CET	54878	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:56.940917969 CET	53	54878	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:57.066833973 CET	49900	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:57.086941004 CET	53	49900	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:57.202012062 CET	54959	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:57.220892906 CET	53	54959	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:57.337533951 CET	64339	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:57.358076096 CET	53	64339	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:57.485917091 CET	54846	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:57.504374027 CET	53	54846	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:57.617099047 CET	53403	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:57.636394024 CET	53	53403	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:57.750149965 CET	64508	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:57.768388987 CET	53	64508	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:57.882508993 CET	61790	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:57.900799036 CET	53	61790	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:58.039572954 CET	55458	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:58.058178902 CET	53	55458	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:58.170205116 CET	53846	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:58.188980103 CET	53	53846	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:58.314220905 CET	52277	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:58.334605932 CET	53	52277	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:58.446656942 CET	59096	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:58.465250969 CET	53	59096	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:58.596534014 CET	50761	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:58.613795996 CET	53	50761	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:58.727325916 CET	54010	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:58.746138096 CET	53	54010	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:58.867037058 CET	55519	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:58.884211063 CET	53	55519	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:58.993659019 CET	64537	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:59.010284901 CET	53	64537	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:59.124813080 CET	61050	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:59.141640902 CET	53	61050	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:59.260683060 CET	56727	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:59.279612064 CET	53	56727	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:59.417960882 CET	55112	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:59.436573029 CET	53	55112	8.8.8.8	192.168.2.4
Mar 15, 2022 17:30:59.559878111 CET	49778	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:30:59.578551054 CET	53	49778	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:00.078707933 CET	51487	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:00.097987890 CET	53	51487	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:00.226485014 CET	57662	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:00.245170116 CET	53	57662	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:00.359226942 CET	61220	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:00.378367901 CET	53	61220	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:00.494452953 CET	50413	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:00.514060020 CET	53	50413	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:00.656563044 CET	60774	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:00.675729036 CET	53	60774	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:00.796123981 CET	57749	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:00.816076994 CET	53	57749	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:00.944190979 CET	52167	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:00.960582018 CET	53	52167	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:01.105850935 CET	56971	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:01.126727104 CET	53	56971	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:01.252780914 CET	60683	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:01.270226002 CET	53	60683	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:01.382761955 CET	60871	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:01.401133060 CET	53	60871	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:01.523021936 CET	62832	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:01.539742947 CET	53	62832	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:01.653830051 CET	52104	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:01.674350023 CET	53	52104	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:01.796741962 CET	64368	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:01.815763950 CET	53	64368	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:01.931435108 CET	56942	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:01.950217962 CET	53	56942	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:02.084331989 CET	65456	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:02.102514982 CET	53	65456	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:02.228580952 CET	58611	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:02.247231960 CET	53	58611	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:02.363390923 CET	51644	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:02.382541895 CET	53	51644	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:02.495840073 CET	60037	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:02.515697002 CET	53	60037	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:02.642376900 CET	59896	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:02.661336899 CET	53	59896	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:02.776319981 CET	61637	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:02.792656898 CET	53	61637	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:02.933319092 CET	50748	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:02.950139046 CET	53	50748	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:03.056750059 CET	50690	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:03.075588942 CET	53	50690	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:03.204000950 CET	50996	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:03.222717047 CET	53	50996	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:03.337093115 CET	52365	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:03.356784105 CET	53	52365	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:03.487561941 CET	63221	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:03.506422043 CET	53	63221	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:03.632116079 CET	50626	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:03.649044037 CET	53	50626	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:03.776245117 CET	61748	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:03.794909954 CET	53	61748	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:03.915488005 CET	65077	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:03.933031082 CET	53	65077	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:04.049371004 CET	50962	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:04.068224907 CET	53	50962	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:04.181379080 CET	55212	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:04.200100899 CET	53	55212	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:04.314939976 CET	61090	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:04.333100080 CET	53	61090	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:04.464378119 CET	64588	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:04.480528116 CET	53	64588	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:04.586724043 CET	60433	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:04.603451967 CET	53	60433	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:04.743300915 CET	49341	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:04.760055065 CET	53	49341	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:04.868911028 CET	55020	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:04.887797117 CET	53	55020	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:05.003274918 CET	56866	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:05.020205975 CET	53	56866	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:05.140477896 CET	63641	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:05.157500982 CET	53	63641	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:05.302018881 CET	55850	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:05.320660114 CET	53	55850	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:05.432480097 CET	52745	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:05.451251030 CET	53	52745	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:05.590307951 CET	51970	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:05.608686924 CET	53	51970	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:05.727193117 CET	62637	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:05.745346069 CET	53	62637	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:05.876609087 CET	55680	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:05.893616915 CET	53	55680	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:06.011995077 CET	58579	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:06.030781031 CET	53	58579	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:06.170305967 CET	50825	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:06.189080954 CET	53	50825	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:06.307691097 CET	60658	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:06.326080084 CET	53	60658	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:06.459723949 CET	59407	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:06.476687908 CET	53	59407	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:06.622788906 CET	60082	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:06.641040087 CET	53	60082	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:06.773586035 CET	61471	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:06.792604923 CET	53	61471	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:06.920506954 CET	50962	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:06.938914061 CET	53	50962	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:07.078668118 CET	57339	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:07.095290899 CET	53	57339	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:07.211981058 CET	52136	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:07.230721951 CET	53	52136	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:07.362025023 CET	57827	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:07.381972075 CET	53	57827	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:07.494100094 CET	54848	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:07.510577917 CET	53	54848	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:07.645273924 CET	54376	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:07.662194014 CET	53	54376	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:07.778090000 CET	55948	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:07.796895027 CET	53	55948	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:07.921013117 CET	55781	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:07.937709093 CET	53	55781	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:08.057723045 CET	51364	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:08.076034069 CET	53	51364	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:08.214864969 CET	57960	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:08.231674910 CET	53	57960	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:08.354901075 CET	54507	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:08.371432066 CET	53	54507	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:08.507189989 CET	52378	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:08.523710012 CET	53	52378	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:08.635521889 CET	52053	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:08.656258106 CET	53	52053	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:08.786840916 CET	60417	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:08.803577900 CET	53	60417	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:08.917121887 CET	58290	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:08.935734987 CET	53	58290	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:09.069210052 CET	63359	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:09.087755919 CET	53	63359	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:09.198765039 CET	54629	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:09.217596054 CET	53	54629	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:09.344814062 CET	61441	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:09.361294985 CET	53	61441	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:09.483006001 CET	60136	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:09.499265909 CET	53	60136	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:09.638520956 CET	52311	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:09.656861067 CET	53	52311	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:09.774463892 CET	54667	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:09.792067051 CET	53	54667	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:10.027264118 CET	63040	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:10.046315908 CET	53	63040	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:10.196377993 CET	55752	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:10.214607000 CET	53	55752	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:10.330777884 CET	52878	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:10.349523067 CET	53	52878	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:10.516364098 CET	57662	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:10.536420107 CET	53	57662	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:10.658179045 CET	52221	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:10.677119017 CET	53	52221	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:11.306992054 CET	49333	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:11.325301886 CET	53	49333	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:11.481993914 CET	52514	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:11.501902103 CET	53	52514	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:13.855866909 CET	49749	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:13.874360085 CET	53	49749	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:14.470480919 CET	53069	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:14.489401102 CET	53	53069	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:14.615401983 CET	61891	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:14.632725954 CET	53	61891	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:14.744911909 CET	61447	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:14.763488054 CET	53	61447	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:14.896245956 CET	58262	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:14.915133953 CET	53	58262	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:15.026983023 CET	63020	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:15.045221090 CET	53	63020	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:15.180756092 CET	63453	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:15.200653076 CET	53	63453	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:15.323101997 CET	52555	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:15.341412067 CET	53	52555	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:15.475526094 CET	52873	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:15.493829012 CET	53	52873	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:15.608942032 CET	50914	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:15.627440929 CET	53	50914	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:15.774727106 CET	55540	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:15.791873932 CET	53	55540	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:15.906936884 CET	64464	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:15.925592899 CET	53	64464	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:16.100706100 CET	63327	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:16.116930008 CET	53	63327	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:16.229672909 CET	56727	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:16.248106003 CET	53	56727	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:16.379829884 CET	52358	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:16.396482944 CET	53	52358	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:16.510421991 CET	49689	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:16.529392958 CET	53	49689	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:16.645801067 CET	59813	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:16.664040089 CET	53	59813	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:16.779619932 CET	49888	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:16.795887947 CET	53	49888	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:16.923026085 CET	51718	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:16.941684961 CET	53	51718	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:17.061486006 CET	55859	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:17.079732895 CET	53	55859	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:17.212671041 CET	64729	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:17.231422901 CET	53	64729	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:17.337810993 CET	52172	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:17.354827881 CET	53	52172	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:17.486799955 CET	64474	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:17.503597021 CET	53	64474	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:17.618781090 CET	62559	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:17.635490894 CET	53	62559	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:17.770823002 CET	52672	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:17.787503958 CET	53	52672	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:17.903266907 CET	50766	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:17.919666052 CET	53	50766	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:18.039078951 CET	62502	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:18.058301926 CET	53	62502	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:18.178113937 CET	56207	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:18.196475029 CET	53	56207	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:18.315351009 CET	62891	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:18.331981897 CET	53	62891	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:18.451560020 CET	65181	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:18.470560074 CET	53	65181	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:18.597878933 CET	49572	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:18.614809990 CET	53	49572	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:18.728010893 CET	59367	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:18.744611025 CET	53	59367	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:18.863476038 CET	55574	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:18.881711006 CET	53	55574	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:18.994781017 CET	59556	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:19.013922930 CET	53	59556	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:19.159801006 CET	49962	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:19.178025007 CET	53	49962	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:19.293051958 CET	60325	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:19.311510086 CET	53	60325	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:19.449517012 CET	59889	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:19.467772007 CET	53	59889	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:19.588749886 CET	63882	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:19.607217073 CET	53	63882	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:19.723443031 CET	59798	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:19.739722013 CET	53	59798	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:19.854664087 CET	52302	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:19.873919010 CET	53	52302	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:20.005142927 CET	61255	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:20.023967981 CET	53	61255	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:20.140417099 CET	52643	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:20.159403086 CET	53	52643	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:20.296498060 CET	55534	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:20.314868927 CET	53	55534	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:20.463917971 CET	50878	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:20.482642889 CET	53	50878	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:20.612943888 CET	56141	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:20.631684065 CET	53	56141	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:20.744800091 CET	61552	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:20.762950897 CET	53	61552	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:20.878829002 CET	62003	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:20.897253036 CET	53	62003	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:21.009624958 CET	57859	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:21.028074026 CET	53	57859	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:21.142291069 CET	53542	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:21.161334038 CET	53	53542	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:21.277354956 CET	58243	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:21.295597076 CET	53	58243	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:21.473665953 CET	62172	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:21.490575075 CET	53	62172	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:21.603286028 CET	63363	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:21.622051001 CET	53	63363	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:21.743912935 CET	50689	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:21.765436888 CET	53	50689	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:21.886195898 CET	62024	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:21.904874086 CET	53	62024	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:22.039921999 CET	64117	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:22.061289072 CET	53	64117	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:22.197942019 CET	59271	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:22.215473890 CET	53	59271	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:22.332823038 CET	63088	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:22.353543043 CET	53	63088	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:22.464502096 CET	64880	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:22.482768059 CET	53	64880	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:22.617088079 CET	50751	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:22.633553028 CET	53	50751	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:22.756078959 CET	59507	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:22.774260044 CET	53	59507	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:22.895536900 CET	50758	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:22.913913965 CET	53	50758	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:23.030410051 CET	55647	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:23.047209978 CET	53	55647	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:23.177103996 CET	54379	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:23.195261955 CET	53	54379	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:23.308147907 CET	54446	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:23.324580908 CET	53	54446	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:23.442665100 CET	55058	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:23.460838079 CET	53	55058	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:23.574049950 CET	58406	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:23.592219114 CET	53	58406	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:23.713648081 CET	60761	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:23.731934071 CET	53	60761	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:23.855782032 CET	52381	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:23.872172117 CET	53	52381	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:23.994050026 CET	61945	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:24.012712955 CET	53	61945	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:24.545664072 CET	49935	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:24.564472914 CET	53	49935	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:24.681646109 CET	59952	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:24.700397968 CET	53	59952	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:24.814217091 CET	51708	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:24.832451105 CET	53	51708	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:24.948925018 CET	62406	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:24.965207100 CET	53	62406	8.8.8.8	192.168.2.4
Mar 15, 2022 17:31:25.083853960 CET	59911	53	192.168.2.4	8.8.8.8
Mar 15, 2022 17:31:25.102082968 CET	53	59911	8.8.8.8	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Mar 15, 2022 17:29:33.651638985 CET	192.168.2.4	8.8.8.8	0xa119	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:33.782334089 CET	192.168.2.4	8.8.8.8	0x95c3	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:34.036942959 CET	192.168.2.4	8.8.8.8	0xb26	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:34.308057070 CET	192.168.2.4	8.8.8.8	0x77b3	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:34.442190886 CET	192.168.2.4	8.8.8.8	0x3600	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:34.687438011 CET	192.168.2.4	8.8.8.8	0x2dca	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:34.814285040 CET	192.168.2.4	8.8.8.8	0xbdb5	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:35.338607073 CET	192.168.2.4	8.8.8.8	0x18af	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:35.524545908 CET	192.168.2.4	8.8.8.8	0xd951	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:35.774442911 CET	192.168.2.4	8.8.8.8	0x3f3d	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:36.006824970 CET	192.168.2.4	8.8.8.8	0xe7fc	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:36.933866978 CET	192.168.2.4	8.8.8.8	0x606c	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:37.064917088 CET	192.168.2.4	8.8.8.8	0xd46c	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:37.287226915 CET	192.168.2.4	8.8.8.8	0x6082	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:37.445935965 CET	192.168.2.4	8.8.8.8	0x3a97	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:39.018778086 CET	192.168.2.4	8.8.8.8	0xbf05	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:39.225986958 CET	192.168.2.4	8.8.8.8	0x9e03	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:39.426934004 CET	192.168.2.4	8.8.8.8	0x4acb	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:39.564747095 CET	192.168.2.4	8.8.8.8	0xd74e	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:39.752434969 CET	192.168.2.4	8.8.8.8	0x3ea6	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:39.880841017 CET	192.168.2.4	8.8.8.8	0xbeeb	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:40.085488081 CET	192.168.2.4	8.8.8.8	0xe9f1	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:40.221793890 CET	192.168.2.4	8.8.8.8	0xf38d	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:40.445584059 CET	192.168.2.4	8.8.8.8	0x8e9e	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:40.675976992 CET	192.168.2.4	8.8.8.8	0xba1a	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:40.833786011 CET	192.168.2.4	8.8.8.8	0x5115	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:40.970649958 CET	192.168.2.4	8.8.8.8	0x4d80	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:41.121135950 CET	192.168.2.4	8.8.8.8	0xd74a	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:41.260839939 CET	192.168.2.4	8.8.8.8	0xf8b7	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:41.412688971 CET	192.168.2.4	8.8.8.8	0x20ac	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:41.548872948 CET	192.168.2.4	8.8.8.8	0xcba2	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:41.725845098 CET	192.168.2.4	8.8.8.8	0x6d75	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:41.863840103 CET	192.168.2.4	8.8.8.8	0x2db6	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:42.031074047 CET	192.168.2.4	8.8.8.8	0x6153	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:42.160312891 CET	192.168.2.4	8.8.8.8	0xac53	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:42.307542086 CET	192.168.2.4	8.8.8.8	0x9da9	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:42.450249910 CET	192.168.2.4	8.8.8.8	0xcd2b	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:42.802218914 CET	192.168.2.4	8.8.8.8	0x1a8a	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:42.949054956 CET	192.168.2.4	8.8.8.8	0x81a8	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:43.146797895 CET	192.168.2.4	8.8.8.8	0x19e3	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:43.282538891 CET	192.168.2.4	8.8.8.8	0x4cc5	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:43.426948071 CET	192.168.2.4	8.8.8.8	0x2b1	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:43.566771030 CET	192.168.2.4	8.8.8.8	0xafe	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:43.729366064 CET	192.168.2.4	8.8.8.8	0x72f5	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:43.876286030 CET	192.168.2.4	8.8.8.8	0xa8f9	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:44.020605087 CET	192.168.2.4	8.8.8.8	0x8de6	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:44.161935091 CET	192.168.2.4	8.8.8.8	0x8a40	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:44.330892086 CET	192.168.2.4	8.8.8.8	0x56a8	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:44.470763922 CET	192.168.2.4	8.8.8.8	0x9759	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:44.616122961 CET	192.168.2.4	8.8.8.8	0x643a	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:44.763029099 CET	192.168.2.4	8.8.8.8	0x7fa7	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:44.912642002 CET	192.168.2.4	8.8.8.8	0x6f68	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:45.087533951 CET	192.168.2.4	8.8.8.8	0xb653	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:45.246918917 CET	192.168.2.4	8.8.8.8	0xdd0b	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:45.390173912 CET	192.168.2.4	8.8.8.8	0xf674	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:45.553154945 CET	192.168.2.4	8.8.8.8	0x4a26	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:45.703840971 CET	192.168.2.4	8.8.8.8	0xfa11	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:45.866297960 CET	192.168.2.4	8.8.8.8	0x70b0	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:46.002796888 CET	192.168.2.4	8.8.8.8	0xf350	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:46.207511902 CET	192.168.2.4	8.8.8.8	0x6464	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:46.348690987 CET	192.168.2.4	8.8.8.8	0x99fc	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:46.514894009 CET	192.168.2.4	8.8.8.8	0x71fa	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:46.643882990 CET	192.168.2.4	8.8.8.8	0xd9d8	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:46.793755054 CET	192.168.2.4	8.8.8.8	0x390a	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:46.946621895 CET	192.168.2.4	8.8.8.8	0x6d60	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:47.097793102 CET	192.168.2.4	8.8.8.8	0x934f	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:47.665499926 CET	192.168.2.4	8.8.8.8	0xe56c	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:47.842685938 CET	192.168.2.4	8.8.8.8	0xe9ed	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:48.048691988 CET	192.168.2.4	8.8.8.8	0xdd3d	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:48.407855988 CET	192.168.2.4	8.8.8.8	0xef52	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:48.562633991 CET	192.168.2.4	8.8.8.8	0x36fc	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:48.692071915 CET	192.168.2.4	8.8.8.8	0x150d	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:48.854378939 CET	192.168.2.4	8.8.8.8	0xbbdb	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:48.988951921 CET	192.168.2.4	8.8.8.8	0xc928	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:49.163216114 CET	192.168.2.4	8.8.8.8	0xa1b9	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:49.299058914 CET	192.168.2.4	8.8.8.8	0xa7e9	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:49.450334072 CET	192.168.2.4	8.8.8.8	0x2141	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:49.595264912 CET	192.168.2.4	8.8.8.8	0x1d0b	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:49.746340036 CET	192.168.2.4	8.8.8.8	0x9609	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:49.912581921 CET	192.168.2.4	8.8.8.8	0x6dc0	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:50.066701889 CET	192.168.2.4	8.8.8.8	0x8165	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:50.206687927 CET	192.168.2.4	8.8.8.8	0xe06f	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:50.395627975 CET	192.168.2.4	8.8.8.8	0xb810	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:50.536062956 CET	192.168.2.4	8.8.8.8	0x3563	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:50.704197884 CET	192.168.2.4	8.8.8.8	0x52d2	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:50.831475973 CET	192.168.2.4	8.8.8.8	0xe3a8	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:50.983534098 CET	192.168.2.4	8.8.8.8	0xad70	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:51.125281096 CET	192.168.2.4	8.8.8.8	0xc53e	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:51.275546074 CET	192.168.2.4	8.8.8.8	0x4c10	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:51.409516096 CET	192.168.2.4	8.8.8.8	0x9551	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:51.585731983 CET	192.168.2.4	8.8.8.8	0xba6e	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:51.723298073 CET	192.168.2.4	8.8.8.8	0x3000	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:51.911819935 CET	192.168.2.4	8.8.8.8	0x9076	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:52.034564972 CET	192.168.2.4	8.8.8.8	0x5d8b	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:52.199404001 CET	192.168.2.4	8.8.8.8	0x4111	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:52.331839085 CET	192.168.2.4	8.8.8.8	0x723b	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:52.495857954 CET	192.168.2.4	8.8.8.8	0x2b27	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:52.627574921 CET	192.168.2.4	8.8.8.8	0x8c22	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:52.775043011 CET	192.168.2.4	8.8.8.8	0xe13	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:52.910355091 CET	192.168.2.4	8.8.8.8	0xd495	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:53.071032047 CET	192.168.2.4	8.8.8.8	0x6934	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:53.210494995 CET	192.168.2.4	8.8.8.8	0xefff	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:53.381023884 CET	192.168.2.4	8.8.8.8	0x15a1	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:53.559582949 CET	192.168.2.4	8.8.8.8	0x8e98	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:53.713874102 CET	192.168.2.4	8.8.8.8	0xe9c8	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:53.864017010 CET	192.168.2.4	8.8.8.8	0x2219	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:54.003976107 CET	192.168.2.4	8.8.8.8	0x2154	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:54.145911932 CET	192.168.2.4	8.8.8.8	0x88c3	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:54.317665100 CET	192.168.2.4	8.8.8.8	0x4e9	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:55.107808113 CET	192.168.2.4	8.8.8.8	0x4641	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:55.273215055 CET	192.168.2.4	8.8.8.8	0x176d	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:56.012020111 CET	192.168.2.4	8.8.8.8	0xeeec	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:56.196851015 CET	192.168.2.4	8.8.8.8	0xd166	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:56.411803007 CET	192.168.2.4	8.8.8.8	0x52f6	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:56.609795094 CET	192.168.2.4	8.8.8.8	0xdb41	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:57.945661068 CET	192.168.2.4	8.8.8.8	0x9bc1	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:58.081093073 CET	192.168.2.4	8.8.8.8	0x4810	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:58.233095884 CET	192.168.2.4	8.8.8.8	0x9563	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:58.364228010 CET	192.168.2.4	8.8.8.8	0x9952	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:58.505773067 CET	192.168.2.4	8.8.8.8	0xdd4f	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:58.650726080 CET	192.168.2.4	8.8.8.8	0x662d	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:58.809467077 CET	192.168.2.4	8.8.8.8	0x1d29	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:58.946322918 CET	192.168.2.4	8.8.8.8	0x3408	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:59.140347004 CET	192.168.2.4	8.8.8.8	0xf325	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:59.275249004 CET	192.168.2.4	8.8.8.8	0xc0f3	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:59.426568985 CET	192.168.2.4	8.8.8.8	0x40a2	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:59.553066015 CET	192.168.2.4	8.8.8.8	0xb2b7	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:59.704276085 CET	192.168.2.4	8.8.8.8	0x93b7	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:59.854422092 CET	192.168.2.4	8.8.8.8	0x647b	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:00.006253958 CET	192.168.2.4	8.8.8.8	0x3f8b	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:00.146050930 CET	192.168.2.4	8.8.8.8	0xae67	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:00.310219049 CET	192.168.2.4	8.8.8.8	0xee13	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:00.440006018 CET	192.168.2.4	8.8.8.8	0x1f1	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:00.577496052 CET	192.168.2.4	8.8.8.8	0x339b	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:00.710226059 CET	192.168.2.4	8.8.8.8	0x5de4	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:00.872464895 CET	192.168.2.4	8.8.8.8	0x7dda	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:01.012402058 CET	192.168.2.4	8.8.8.8	0x168	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:01.197683096 CET	192.168.2.4	8.8.8.8	0xb906	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:01.334614992 CET	192.168.2.4	8.8.8.8	0xd329	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:01.474240065 CET	192.168.2.4	8.8.8.8	0xb667	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:01.915460110 CET	192.168.2.4	8.8.8.8	0xf103	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:02.295149088 CET	192.168.2.4	8.8.8.8	0x8548	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:02.436872005 CET	192.168.2.4	8.8.8.8	0xc1c3	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:02.568661928 CET	192.168.2.4	8.8.8.8	0x6c89	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:02.725176096 CET	192.168.2.4	8.8.8.8	0xd856	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:02.864592075 CET	192.168.2.4	8.8.8.8	0x6e05	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:02.997827053 CET	192.168.2.4	8.8.8.8	0x289b	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:03.136799097 CET	192.168.2.4	8.8.8.8	0x8af	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:03.282243967 CET	192.168.2.4	8.8.8.8	0x2b8	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:03.410279989 CET	192.168.2.4	8.8.8.8	0x28f3	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:03.554605961 CET	192.168.2.4	8.8.8.8	0xc471	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:03.691234112 CET	192.168.2.4	8.8.8.8	0x583d	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:03.829689026 CET	192.168.2.4	8.8.8.8	0xf062	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:03.957626104 CET	192.168.2.4	8.8.8.8	0x40e	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:04.095819950 CET	192.168.2.4	8.8.8.8	0xd282	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:04.238218069 CET	192.168.2.4	8.8.8.8	0xf301	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:04.385884047 CET	192.168.2.4	8.8.8.8	0xf391	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:04.520855904 CET	192.168.2.4	8.8.8.8	0x7da5	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:04.661712885 CET	192.168.2.4	8.8.8.8	0xd568	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:04.801541090 CET	192.168.2.4	8.8.8.8	0x1ecc	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:04.954217911 CET	192.168.2.4	8.8.8.8	0x5e42	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:05.115528107 CET	192.168.2.4	8.8.8.8	0x118b	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:05.253618956 CET	192.168.2.4	8.8.8.8	0x5aeb	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:05.379765987 CET	192.168.2.4	8.8.8.8	0xa17	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:05.577074051 CET	192.168.2.4	8.8.8.8	0xa898	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:05.714787960 CET	192.168.2.4	8.8.8.8	0xee8f	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:05.859862089 CET	192.168.2.4	8.8.8.8	0x332b	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:05.989939928 CET	192.168.2.4	8.8.8.8	0x7465	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:06.121064901 CET	192.168.2.4	8.8.8.8	0x77c4	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:06.256340981 CET	192.168.2.4	8.8.8.8	0xb565	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:06.402478933 CET	192.168.2.4	8.8.8.8	0x2fa2	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:06.534750938 CET	192.168.2.4	8.8.8.8	0xa53e	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:06.666974068 CET	192.168.2.4	8.8.8.8	0xeeb7	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:06.802668095 CET	192.168.2.4	8.8.8.8	0x92e9	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:06.950282097 CET	192.168.2.4	8.8.8.8	0x4173	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:07.084326029 CET	192.168.2.4	8.8.8.8	0x3f52	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:07.214123964 CET	192.168.2.4	8.8.8.8	0xcfa0	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:07.350936890 CET	192.168.2.4	8.8.8.8	0x5eb5	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:07.501993895 CET	192.168.2.4	8.8.8.8	0xf95c	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:07.650193930 CET	192.168.2.4	8.8.8.8	0x3687	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:07.801393032 CET	192.168.2.4	8.8.8.8	0xcc0d	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:07.929039001 CET	192.168.2.4	8.8.8.8	0x3400	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:08.088022947 CET	192.168.2.4	8.8.8.8	0x479b	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:08.222482920 CET	192.168.2.4	8.8.8.8	0x20cf	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:08.358202934 CET	192.168.2.4	8.8.8.8	0x2e07	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:08.489211082 CET	192.168.2.4	8.8.8.8	0x857a	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:08.661854029 CET	192.168.2.4	8.8.8.8	0x733a	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:08.802959919 CET	192.168.2.4	8.8.8.8	0x10d5	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:08.966248989 CET	192.168.2.4	8.8.8.8	0xc47c	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:09.097151041 CET	192.168.2.4	8.8.8.8	0x6e53	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:09.234133959 CET	192.168.2.4	8.8.8.8	0x5bd	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:09.364855051 CET	192.168.2.4	8.8.8.8	0x95fb	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:09.735347986 CET	192.168.2.4	8.8.8.8	0xa7b5	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:09.864227057 CET	192.168.2.4	8.8.8.8	0x6b22	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:10.021378040 CET	192.168.2.4	8.8.8.8	0xf9a5	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:10.161458969 CET	192.168.2.4	8.8.8.8	0x1a5f	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:10.310187101 CET	192.168.2.4	8.8.8.8	0x7f34	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:10.446655035 CET	192.168.2.4	8.8.8.8	0x6345	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:10.591315031 CET	192.168.2.4	8.8.8.8	0x31e5	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:10.723402023 CET	192.168.2.4	8.8.8.8	0x99c3	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:10.878840923 CET	192.168.2.4	8.8.8.8	0xb893	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:11.010371923 CET	192.168.2.4	8.8.8.8	0x4a95	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:11.154040098 CET	192.168.2.4	8.8.8.8	0xa2fb	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:11.285185099 CET	192.168.2.4	8.8.8.8	0xdc1b	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:11.428039074 CET	192.168.2.4	8.8.8.8	0xf9b4	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:11.571764946 CET	192.168.2.4	8.8.8.8	0xbbc2	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:11.715029955 CET	192.168.2.4	8.8.8.8	0x165c	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:11.848705053 CET	192.168.2.4	8.8.8.8	0xd55	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:11.990005970 CET	192.168.2.4	8.8.8.8	0xa2b6	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:12.128552914 CET	192.168.2.4	8.8.8.8	0x53ef	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:12.266128063 CET	192.168.2.4	8.8.8.8	0xe11e	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:12.423871994 CET	192.168.2.4	8.8.8.8	0xeb56	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:12.562458992 CET	192.168.2.4	8.8.8.8	0xce0b	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:12.699862957 CET	192.168.2.4	8.8.8.8	0x9ebc	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:12.844791889 CET	192.168.2.4	8.8.8.8	0xb1a0	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:12.977629900 CET	192.168.2.4	8.8.8.8	0xb0ec	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:13.151398897 CET	192.168.2.4	8.8.8.8	0x9a7f	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:13.286395073 CET	192.168.2.4	8.8.8.8	0xe7e4	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:13.607832909 CET	192.168.2.4	8.8.8.8	0x6c83	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:13.764065027 CET	192.168.2.4	8.8.8.8	0x2b87	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:13.911448956 CET	192.168.2.4	8.8.8.8	0x54d9	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:14.082242966 CET	192.168.2.4	8.8.8.8	0x855d	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:14.215297937 CET	192.168.2.4	8.8.8.8	0xdbe9	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:14.964453936 CET	192.168.2.4	8.8.8.8	0x6b56	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:15.148077011 CET	192.168.2.4	8.8.8.8	0x9880	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:15.291008949 CET	192.168.2.4	8.8.8.8	0xa9d0	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:15.504200935 CET	192.168.2.4	8.8.8.8	0xfbd5	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:16.708666086 CET	192.168.2.4	8.8.8.8	0x6074	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:16.910562038 CET	192.168.2.4	8.8.8.8	0x6fb	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:17.322467089 CET	192.168.2.4	8.8.8.8	0xac77	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:17.473882914 CET	192.168.2.4	8.8.8.8	0x43de	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:17.610786915 CET	192.168.2.4	8.8.8.8	0x81f6	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:17.741560936 CET	192.168.2.4	8.8.8.8	0xdb1b	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:17.887931108 CET	192.168.2.4	8.8.8.8	0x12a3	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:18.021917105 CET	192.168.2.4	8.8.8.8	0xab37	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:18.157288074 CET	192.168.2.4	8.8.8.8	0x476f	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:18.290465117 CET	192.168.2.4	8.8.8.8	0xcb6a	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:18.457138062 CET	192.168.2.4	8.8.8.8	0xd443	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:18.586110115 CET	192.168.2.4	8.8.8.8	0x5321	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:18.734179020 CET	192.168.2.4	8.8.8.8	0x9ac2	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:18.869609118 CET	192.168.2.4	8.8.8.8	0xe1b1	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:19.014183998 CET	192.168.2.4	8.8.8.8	0xd873	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:19.186492920 CET	192.168.2.4	8.8.8.8	0x32dd	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:19.334533930 CET	192.168.2.4	8.8.8.8	0x271d	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:19.460397959 CET	192.168.2.4	8.8.8.8	0x9ee0	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:19.616976976 CET	192.168.2.4	8.8.8.8	0xc816	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:19.741431952 CET	192.168.2.4	8.8.8.8	0xf465	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:19.877708912 CET	192.168.2.4	8.8.8.8	0x5cc4	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:20.022480011 CET	192.168.2.4	8.8.8.8	0x6450	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:20.185033083 CET	192.168.2.4	8.8.8.8	0x9bea	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:20.320967913 CET	192.168.2.4	8.8.8.8	0xe25c	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:20.470937967 CET	192.168.2.4	8.8.8.8	0x4212	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:20.599291086 CET	192.168.2.4	8.8.8.8	0xf215	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:20.734239101 CET	192.168.2.4	8.8.8.8	0x9f27	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:20.882550001 CET	192.168.2.4	8.8.8.8	0xfedf	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:21.023194075 CET	192.168.2.4	8.8.8.8	0x24d1	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:21.161847115 CET	192.168.2.4	8.8.8.8	0x242c	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:21.296926022 CET	192.168.2.4	8.8.8.8	0x3e6a	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:21.457442999 CET	192.168.2.4	8.8.8.8	0xfc7c	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:21.596080065 CET	192.168.2.4	8.8.8.8	0x5ebf	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:21.739670038 CET	192.168.2.4	8.8.8.8	0x1573	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:21.891079903 CET	192.168.2.4	8.8.8.8	0x463b	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:22.022370100 CET	192.168.2.4	8.8.8.8	0x59e4	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:22.191353083 CET	192.168.2.4	8.8.8.8	0xe63b	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:22.318320990 CET	192.168.2.4	8.8.8.8	0xef46	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:22.472471952 CET	192.168.2.4	8.8.8.8	0x2d65	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:22.629209995 CET	192.168.2.4	8.8.8.8	0x5348	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:22.762352943 CET	192.168.2.4	8.8.8.8	0xd621	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:22.897645950 CET	192.168.2.4	8.8.8.8	0xd35b	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:23.052658081 CET	192.168.2.4	8.8.8.8	0x4807	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:23.195889950 CET	192.168.2.4	8.8.8.8	0x31a0	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:23.344840050 CET	192.168.2.4	8.8.8.8	0x8407	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:23.479089975 CET	192.168.2.4	8.8.8.8	0x51f4	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:23.656387091 CET	192.168.2.4	8.8.8.8	0x2406	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:23.787579060 CET	192.168.2.4	8.8.8.8	0xe2d3	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:23.942440033 CET	192.168.2.4	8.8.8.8	0x4754	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:24.068523884 CET	192.168.2.4	8.8.8.8	0xca5	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:24.211225986 CET	192.168.2.4	8.8.8.8	0x37e1	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:24.348850012 CET	192.168.2.4	8.8.8.8	0x2b78	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:24.499689102 CET	192.168.2.4	8.8.8.8	0xae39	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:24.630785942 CET	192.168.2.4	8.8.8.8	0x71d	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:24.763544083 CET	192.168.2.4	8.8.8.8	0x8c36	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:24.897547007 CET	192.168.2.4	8.8.8.8	0x4f18	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:25.041237116 CET	192.168.2.4	8.8.8.8	0x913	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:25.177795887 CET	192.168.2.4	8.8.8.8	0x2f37	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:25.312330008 CET	192.168.2.4	8.8.8.8	0xc266	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:25.444261074 CET	192.168.2.4	8.8.8.8	0x48fd	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:25.608936071 CET	192.168.2.4	8.8.8.8	0x9aba	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:25.741878986 CET	192.168.2.4	8.8.8.8	0x3cde	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:25.890604019 CET	192.168.2.4	8.8.8.8	0xe9a5	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:26.023509979 CET	192.168.2.4	8.8.8.8	0x7e51	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:26.177737951 CET	192.168.2.4	8.8.8.8	0x7e8d	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:26.303227901 CET	192.168.2.4	8.8.8.8	0x4d2e	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:26.473086119 CET	192.168.2.4	8.8.8.8	0x9f93	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:27.020157099 CET	192.168.2.4	8.8.8.8	0x2b1d	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:27.163508892 CET	192.168.2.4	8.8.8.8	0x3fa8	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:27.316168070 CET	192.168.2.4	8.8.8.8	0x45c0	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:27.463176966 CET	192.168.2.4	8.8.8.8	0xed35	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:27.614440918 CET	192.168.2.4	8.8.8.8	0x5d	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:27.777259111 CET	192.168.2.4	8.8.8.8	0x39b1	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:27.924437046 CET	192.168.2.4	8.8.8.8	0xd5f7	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:28.053205967 CET	192.168.2.4	8.8.8.8	0xf9fd	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:28.217780113 CET	192.168.2.4	8.8.8.8	0x26ac	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:28.350714922 CET	192.168.2.4	8.8.8.8	0xb93c	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:28.486816883 CET	192.168.2.4	8.8.8.8	0xbacc	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:28.625526905 CET	192.168.2.4	8.8.8.8	0xbbbe	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:28.766530037 CET	192.168.2.4	8.8.8.8	0x4be0	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:28.897313118 CET	192.168.2.4	8.8.8.8	0x65fc	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:29.044754028 CET	192.168.2.4	8.8.8.8	0xe215	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:29.178229094 CET	192.168.2.4	8.8.8.8	0x5135	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:29.313102961 CET	192.168.2.4	8.8.8.8	0xdc84	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:29.443902969 CET	192.168.2.4	8.8.8.8	0xd124	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:29.580842972 CET	192.168.2.4	8.8.8.8	0x50a0	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:29.709959030 CET	192.168.2.4	8.8.8.8	0xc3c0	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:29.884057045 CET	192.168.2.4	8.8.8.8	0xf64f	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:30.021053076 CET	192.168.2.4	8.8.8.8	0x9499	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:30.188235044 CET	192.168.2.4	8.8.8.8	0x11e4	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:30.318767071 CET	192.168.2.4	8.8.8.8	0x9a53	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:30.454351902 CET	192.168.2.4	8.8.8.8	0x6c08	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:30.585310936 CET	192.168.2.4	8.8.8.8	0xd488	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:30.735188961 CET	192.168.2.4	8.8.8.8	0xacc4	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:30.868954897 CET	192.168.2.4	8.8.8.8	0xf094	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:31.012927055 CET	192.168.2.4	8.8.8.8	0xb3fc	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:31.148077011 CET	192.168.2.4	8.8.8.8	0x7abf	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:31.277738094 CET	192.168.2.4	8.8.8.8	0xc513	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:31.415985107 CET	192.168.2.4	8.8.8.8	0xc2d5	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:31.568466902 CET	192.168.2.4	8.8.8.8	0xcd11	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:31.710071087 CET	192.168.2.4	8.8.8.8	0x7b1a	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:31.841562033 CET	192.168.2.4	8.8.8.8	0x83f	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:31.979398012 CET	192.168.2.4	8.8.8.8	0x5609	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:32.170231104 CET	192.168.2.4	8.8.8.8	0x64b	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:32.514039993 CET	192.168.2.4	8.8.8.8	0x7c69	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:32.654026985 CET	192.168.2.4	8.8.8.8	0x6762	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:32.793366909 CET	192.168.2.4	8.8.8.8	0x4c2a	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:32.974526882 CET	192.168.2.4	8.8.8.8	0x5c74	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:33.100234985 CET	192.168.2.4	8.8.8.8	0x4267	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:33.694735050 CET	192.168.2.4	8.8.8.8	0x42a4	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:33.836074114 CET	192.168.2.4	8.8.8.8	0x70ef	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:34.023530960 CET	192.168.2.4	8.8.8.8	0x593d	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:34.164427042 CET	192.168.2.4	8.8.8.8	0xe672	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:35.523993015 CET	192.168.2.4	8.8.8.8	0x51b8	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:35.760853052 CET	192.168.2.4	8.8.8.8	0x6f67	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:35.905962944 CET	192.168.2.4	8.8.8.8	0xa0a2	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:36.133512020 CET	192.168.2.4	8.8.8.8	0x8765	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:36.292227030 CET	192.168.2.4	8.8.8.8	0xb37e	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:36.514152050 CET	192.168.2.4	8.8.8.8	0x5aca	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:36.658139944 CET	192.168.2.4	8.8.8.8	0x688c	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:36.883445024 CET	192.168.2.4	8.8.8.8	0x3ada	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:37.058768034 CET	192.168.2.4	8.8.8.8	0x3a46	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:37.289378881 CET	192.168.2.4	8.8.8.8	0x452c	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:37.477715015 CET	192.168.2.4	8.8.8.8	0xc5cd	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:37.615148067 CET	192.168.2.4	8.8.8.8	0x9720	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:37.977355003 CET	192.168.2.4	8.8.8.8	0x84d	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:38.119564056 CET	192.168.2.4	8.8.8.8	0xe092	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:38.269020081 CET	192.168.2.4	8.8.8.8	0x75c6	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:38.399296045 CET	192.168.2.4	8.8.8.8	0xb56a	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:38.554614067 CET	192.168.2.4	8.8.8.8	0x99a7	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:38.702646017 CET	192.168.2.4	8.8.8.8	0x30a7	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:38.939331055 CET	192.168.2.4	8.8.8.8	0x34b8	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:39.073067904 CET	192.168.2.4	8.8.8.8	0x9f64	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:39.219193935 CET	192.168.2.4	8.8.8.8	0xe0fa	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:39.358838081 CET	192.168.2.4	8.8.8.8	0x2c9c	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:39.507514954 CET	192.168.2.4	8.8.8.8	0xf788	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:39.631678104 CET	192.168.2.4	8.8.8.8	0xade2	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:39.817605019 CET	192.168.2.4	8.8.8.8	0x428	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:39.943988085 CET	192.168.2.4	8.8.8.8	0xe13f	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:40.098949909 CET	192.168.2.4	8.8.8.8	0xa011	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:40.224562883 CET	192.168.2.4	8.8.8.8	0x41a5	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:40.361531973 CET	192.168.2.4	8.8.8.8	0x5f32	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:40.585269928 CET	192.168.2.4	8.8.8.8	0x679a	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:40.740140915 CET	192.168.2.4	8.8.8.8	0xfa8b	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:40.879631996 CET	192.168.2.4	8.8.8.8	0x3de6	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:41.019666910 CET	192.168.2.4	8.8.8.8	0x7b56	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:41.149893045 CET	192.168.2.4	8.8.8.8	0x55ec	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:41.300189018 CET	192.168.2.4	8.8.8.8	0xa9c8	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:41.444860935 CET	192.168.2.4	8.8.8.8	0x939f	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:41.578610897 CET	192.168.2.4	8.8.8.8	0x7021	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:41.709177017 CET	192.168.2.4	8.8.8.8	0xebcf	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:41.885175943 CET	192.168.2.4	8.8.8.8	0xe0e3	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:42.026546001 CET	192.168.2.4	8.8.8.8	0xe2ec	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:42.187020063 CET	192.168.2.4	8.8.8.8	0xdafe	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:42.319756031 CET	192.168.2.4	8.8.8.8	0x4a7d	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:42.453052998 CET	192.168.2.4	8.8.8.8	0xb6ec	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:42.606350899 CET	192.168.2.4	8.8.8.8	0xd780	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:42.754101992 CET	192.168.2.4	8.8.8.8	0x9c14	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:42.883829117 CET	192.168.2.4	8.8.8.8	0x7e6c	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:43.037991047 CET	192.168.2.4	8.8.8.8	0xf295	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:43.186067104 CET	192.168.2.4	8.8.8.8	0xb9b7	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:43.335752010 CET	192.168.2.4	8.8.8.8	0xd3b8	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:43.462250948 CET	192.168.2.4	8.8.8.8	0xfe35	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:43.616795063 CET	192.168.2.4	8.8.8.8	0xd98	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:43.756191015 CET	192.168.2.4	8.8.8.8	0xbca5	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:43.889153957 CET	192.168.2.4	8.8.8.8	0x860e	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:44.041851997 CET	192.168.2.4	8.8.8.8	0xd60	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:44.188096046 CET	192.168.2.4	8.8.8.8	0x6ce8	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:44.333560944 CET	192.168.2.4	8.8.8.8	0x3607	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:44.470452070 CET	192.168.2.4	8.8.8.8	0x240d	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:44.600692034 CET	192.168.2.4	8.8.8.8	0x6623	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:44.736352921 CET	192.168.2.4	8.8.8.8	0x4b6	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:45.067908049 CET	192.168.2.4	8.8.8.8	0x6b09	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:45.201831102 CET	192.168.2.4	8.8.8.8	0x8057	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:45.334114075 CET	192.168.2.4	8.8.8.8	0x9b30	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:45.472543001 CET	192.168.2.4	8.8.8.8	0x72b7	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:45.602211952 CET	192.168.2.4	8.8.8.8	0x651e	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:45.757148981 CET	192.168.2.4	8.8.8.8	0x1645	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:45.900701046 CET	192.168.2.4	8.8.8.8	0xa1a6	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:46.045859098 CET	192.168.2.4	8.8.8.8	0x9e90	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:46.181823969 CET	192.168.2.4	8.8.8.8	0xee4b	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:46.329102993 CET	192.168.2.4	8.8.8.8	0x746c	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:46.461213112 CET	192.168.2.4	8.8.8.8	0x3af5	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:46.602612019 CET	192.168.2.4	8.8.8.8	0x72c2	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:46.746203899 CET	192.168.2.4	8.8.8.8	0x7385	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:46.894644022 CET	192.168.2.4	8.8.8.8	0x3c3d	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:47.022738934 CET	192.168.2.4	8.8.8.8	0x5720	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:47.189642906 CET	192.168.2.4	8.8.8.8	0x697b	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:47.334774971 CET	192.168.2.4	8.8.8.8	0x662a	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:47.468636036 CET	192.168.2.4	8.8.8.8	0xa7e7	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:47.601768017 CET	192.168.2.4	8.8.8.8	0xd121	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:47.738461971 CET	192.168.2.4	8.8.8.8	0x9fe5	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:47.866648912 CET	192.168.2.4	8.8.8.8	0x1d37	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:48.031384945 CET	192.168.2.4	8.8.8.8	0x2b30	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:48.164207935 CET	192.168.2.4	8.8.8.8	0x1299	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:48.299415112 CET	192.168.2.4	8.8.8.8	0xf737	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:48.433839083 CET	192.168.2.4	8.8.8.8	0xdfd5	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:48.580708027 CET	192.168.2.4	8.8.8.8	0xe1b5	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:48.711317062 CET	192.168.2.4	8.8.8.8	0xb05f	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:48.884083033 CET	192.168.2.4	8.8.8.8	0xa96d	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:49.024115086 CET	192.168.2.4	8.8.8.8	0x5e76	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:49.171581984 CET	192.168.2.4	8.8.8.8	0x8c01	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:49.306333065 CET	192.168.2.4	8.8.8.8	0x4c6	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:49.436430931 CET	192.168.2.4	8.8.8.8	0x4e17	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:49.575057030 CET	192.168.2.4	8.8.8.8	0xa90b	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:49.727051973 CET	192.168.2.4	8.8.8.8	0x9923	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:50.118067026 CET	192.168.2.4	8.8.8.8	0x961	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:50.245881081 CET	192.168.2.4	8.8.8.8	0x79a8	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:50.394881010 CET	192.168.2.4	8.8.8.8	0x341d	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:50.523864031 CET	192.168.2.4	8.8.8.8	0xc717	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:50.656142950 CET	192.168.2.4	8.8.8.8	0xe0a	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:50.792851925 CET	192.168.2.4	8.8.8.8	0xa6bb	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:50.977835894 CET	192.168.2.4	8.8.8.8	0x13ab	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:51.148772001 CET	192.168.2.4	8.8.8.8	0xcc3b	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:51.373425007 CET	192.168.2.4	8.8.8.8	0x8db1	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:51.506841898 CET	192.168.2.4	8.8.8.8	0x537	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:51.638927937 CET	192.168.2.4	8.8.8.8	0xf4c9	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:51.814203978 CET	192.168.2.4	8.8.8.8	0xbe1b	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:51.951390982 CET	192.168.2.4	8.8.8.8	0x8595	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:52.089488029 CET	192.168.2.4	8.8.8.8	0x97e2	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:52.642560005 CET	192.168.2.4	8.8.8.8	0x2536	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:52.805461884 CET	192.168.2.4	8.8.8.8	0xbac	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:52.955360889 CET	192.168.2.4	8.8.8.8	0x6032	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:53.144612074 CET	192.168.2.4	8.8.8.8	0x91e7	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:54.226320982 CET	192.168.2.4	8.8.8.8	0x8873	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:54.352541924 CET	192.168.2.4	8.8.8.8	0x6b3e	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:54.538754940 CET	192.168.2.4	8.8.8.8	0xd33e	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:54.664982080 CET	192.168.2.4	8.8.8.8	0xdc2	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:54.795047998 CET	192.168.2.4	8.8.8.8	0x9bf6	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:54.929518938 CET	192.168.2.4	8.8.8.8	0x6548	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:55.081293106 CET	192.168.2.4	8.8.8.8	0x3a6e	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:55.517354012 CET	192.168.2.4	8.8.8.8	0xf96d	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:55.653202057 CET	192.168.2.4	8.8.8.8	0x4ab5	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:55.809298038 CET	192.168.2.4	8.8.8.8	0x3fbf	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:55.946569920 CET	192.168.2.4	8.8.8.8	0x892a	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:56.101111889 CET	192.168.2.4	8.8.8.8	0x34d2	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:56.232601881 CET	192.168.2.4	8.8.8.8	0x1b68	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:56.381643057 CET	192.168.2.4	8.8.8.8	0xb3e	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:56.508697033 CET	192.168.2.4	8.8.8.8	0xc0b0	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:56.639018059 CET	192.168.2.4	8.8.8.8	0x6863	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:56.779274940 CET	192.168.2.4	8.8.8.8	0xb055	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:56.922188044 CET	192.168.2.4	8.8.8.8	0xb9c	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:57.066833973 CET	192.168.2.4	8.8.8.8	0xd801	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:57.202012062 CET	192.168.2.4	8.8.8.8	0x4038	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:57.337533951 CET	192.168.2.4	8.8.8.8	0xdbd8	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:57.485917091 CET	192.168.2.4	8.8.8.8	0x2399	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:57.617099047 CET	192.168.2.4	8.8.8.8	0x6c43	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:57.750149965 CET	192.168.2.4	8.8.8.8	0x9ef1	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:57.882508993 CET	192.168.2.4	8.8.8.8	0x9945	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:58.039572954 CET	192.168.2.4	8.8.8.8	0xdf02	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:58.170205116 CET	192.168.2.4	8.8.8.8	0x5c7d	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:58.314220905 CET	192.168.2.4	8.8.8.8	0x50c5	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:58.446656942 CET	192.168.2.4	8.8.8.8	0xee4e	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:58.596534014 CET	192.168.2.4	8.8.8.8	0xe1eb	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:58.727325916 CET	192.168.2.4	8.8.8.8	0x39c7	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:58.867037058 CET	192.168.2.4	8.8.8.8	0x25ea	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:58.993659019 CET	192.168.2.4	8.8.8.8	0x361c	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:59.124813080 CET	192.168.2.4	8.8.8.8	0xb151	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:59.260683060 CET	192.168.2.4	8.8.8.8	0x35d2	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:59.417960882 CET	192.168.2.4	8.8.8.8	0x6cd	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:59.559878111 CET	192.168.2.4	8.8.8.8	0xecad	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:00.078707933 CET	192.168.2.4	8.8.8.8	0x9273	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:00.226485014 CET	192.168.2.4	8.8.8.8	0x89fd	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:00.359226942 CET	192.168.2.4	8.8.8.8	0x120d	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:00.494452953 CET	192.168.2.4	8.8.8.8	0xbfca	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:00.656563044 CET	192.168.2.4	8.8.8.8	0xdad4	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:00.796123981 CET	192.168.2.4	8.8.8.8	0xaeee	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:00.944190979 CET	192.168.2.4	8.8.8.8	0xa812	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:01.105850935 CET	192.168.2.4	8.8.8.8	0xa1f5	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:01.252780914 CET	192.168.2.4	8.8.8.8	0x80cf	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:01.382761955 CET	192.168.2.4	8.8.8.8	0x5fc6	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:01.523021936 CET	192.168.2.4	8.8.8.8	0xb907	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:01.653830051 CET	192.168.2.4	8.8.8.8	0x770d	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:01.796741962 CET	192.168.2.4	8.8.8.8	0xe237	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:01.931435108 CET	192.168.2.4	8.8.8.8	0xb793	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:02.084331989 CET	192.168.2.4	8.8.8.8	0x476e	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:02.228580952 CET	192.168.2.4	8.8.8.8	0xeca7	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:02.363390923 CET	192.168.2.4	8.8.8.8	0x97ed	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:02.495840073 CET	192.168.2.4	8.8.8.8	0xc39b	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:02.642376900 CET	192.168.2.4	8.8.8.8	0x5885	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:02.776319981 CET	192.168.2.4	8.8.8.8	0xceee	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:02.933319092 CET	192.168.2.4	8.8.8.8	0x5597	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:03.056750059 CET	192.168.2.4	8.8.8.8	0xca12	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:03.204000950 CET	192.168.2.4	8.8.8.8	0xfe25	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:03.337093115 CET	192.168.2.4	8.8.8.8	0x3b48	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:03.487561941 CET	192.168.2.4	8.8.8.8	0xc874	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:03.632116079 CET	192.168.2.4	8.8.8.8	0xc79a	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:03.776245117 CET	192.168.2.4	8.8.8.8	0x379b	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:03.915488005 CET	192.168.2.4	8.8.8.8	0x3f3e	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:04.049371004 CET	192.168.2.4	8.8.8.8	0x2de9	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:04.181379080 CET	192.168.2.4	8.8.8.8	0xe528	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:04.314939976 CET	192.168.2.4	8.8.8.8	0x6c57	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:04.464378119 CET	192.168.2.4	8.8.8.8	0x258d	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:04.586724043 CET	192.168.2.4	8.8.8.8	0xd8b2	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:04.743300915 CET	192.168.2.4	8.8.8.8	0xfbb5	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:04.868911028 CET	192.168.2.4	8.8.8.8	0xec4c	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:05.003274918 CET	192.168.2.4	8.8.8.8	0x453d	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:05.140477896 CET	192.168.2.4	8.8.8.8	0x17c5	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:05.302018881 CET	192.168.2.4	8.8.8.8	0xe00a	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:05.432480097 CET	192.168.2.4	8.8.8.8	0x23ef	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:05.590307951 CET	192.168.2.4	8.8.8.8	0x9fa8	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:05.727193117 CET	192.168.2.4	8.8.8.8	0x7ac8	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:05.876609087 CET	192.168.2.4	8.8.8.8	0x4380	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:06.011995077 CET	192.168.2.4	8.8.8.8	0xaec0	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:06.170305967 CET	192.168.2.4	8.8.8.8	0xe7db	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:06.307691097 CET	192.168.2.4	8.8.8.8	0x65a6	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:06.459723949 CET	192.168.2.4	8.8.8.8	0xe336	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:06.622788906 CET	192.168.2.4	8.8.8.8	0x819d	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:06.773586035 CET	192.168.2.4	8.8.8.8	0x176e	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:06.920506954 CET	192.168.2.4	8.8.8.8	0x579	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:07.078668118 CET	192.168.2.4	8.8.8.8	0xf0a2	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:07.211981058 CET	192.168.2.4	8.8.8.8	0xd873	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:07.362025023 CET	192.168.2.4	8.8.8.8	0xf80e	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:07.494100094 CET	192.168.2.4	8.8.8.8	0xca5e	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:07.645273924 CET	192.168.2.4	8.8.8.8	0x149	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:07.778090000 CET	192.168.2.4	8.8.8.8	0x983e	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:07.921013117 CET	192.168.2.4	8.8.8.8	0x61bf	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:08.057723045 CET	192.168.2.4	8.8.8.8	0xf3d9	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:08.214864969 CET	192.168.2.4	8.8.8.8	0x8c19	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:08.354901075 CET	192.168.2.4	8.8.8.8	0x3c4e	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:08.507189989 CET	192.168.2.4	8.8.8.8	0xa824	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:08.635521889 CET	192.168.2.4	8.8.8.8	0x410f	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:08.786840916 CET	192.168.2.4	8.8.8.8	0x343d	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:08.917121887 CET	192.168.2.4	8.8.8.8	0x44f	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:09.069210052 CET	192.168.2.4	8.8.8.8	0xb764	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:09.198765039 CET	192.168.2.4	8.8.8.8	0x2c72	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:09.344814062 CET	192.168.2.4	8.8.8.8	0x6f75	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:09.483006001 CET	192.168.2.4	8.8.8.8	0x84b0	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:09.638520956 CET	192.168.2.4	8.8.8.8	0xb259	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:09.774463892 CET	192.168.2.4	8.8.8.8	0x7f5e	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:10.027264118 CET	192.168.2.4	8.8.8.8	0xf41	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:10.196377993 CET	192.168.2.4	8.8.8.8	0xc2bf	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:10.330777884 CET	192.168.2.4	8.8.8.8	0xf0d	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:10.516364098 CET	192.168.2.4	8.8.8.8	0x966c	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:10.658179045 CET	192.168.2.4	8.8.8.8	0x5b22	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:11.306992054 CET	192.168.2.4	8.8.8.8	0x8cdf	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:11.481993914 CET	192.168.2.4	8.8.8.8	0xb79d	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:13.855866909 CET	192.168.2.4	8.8.8.8	0x15f8	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:14.470480919 CET	192.168.2.4	8.8.8.8	0xff23	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:14.615401983 CET	192.168.2.4	8.8.8.8	0x9076	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:14.744911909 CET	192.168.2.4	8.8.8.8	0x8fb9	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:14.896245956 CET	192.168.2.4	8.8.8.8	0x5289	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:15.026983023 CET	192.168.2.4	8.8.8.8	0x128a	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:15.180756092 CET	192.168.2.4	8.8.8.8	0x7387	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:15.323101997 CET	192.168.2.4	8.8.8.8	0x762c	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:15.475526094 CET	192.168.2.4	8.8.8.8	0x7f18	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:15.608942032 CET	192.168.2.4	8.8.8.8	0xadce	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:15.774727106 CET	192.168.2.4	8.8.8.8	0x3026	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:15.906936884 CET	192.168.2.4	8.8.8.8	0xdda9	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:16.100706100 CET	192.168.2.4	8.8.8.8	0x8c49	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:16.229672909 CET	192.168.2.4	8.8.8.8	0xf471	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:16.379829884 CET	192.168.2.4	8.8.8.8	0xff9f	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:16.510421991 CET	192.168.2.4	8.8.8.8	0x7300	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:16.645801067 CET	192.168.2.4	8.8.8.8	0x56aa	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:16.779619932 CET	192.168.2.4	8.8.8.8	0x9ce7	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:16.923026085 CET	192.168.2.4	8.8.8.8	0x89f1	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:17.061486006 CET	192.168.2.4	8.8.8.8	0x3711	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:17.212671041 CET	192.168.2.4	8.8.8.8	0x8c08	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:17.337810993 CET	192.168.2.4	8.8.8.8	0xed4b	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:17.486799955 CET	192.168.2.4	8.8.8.8	0x38d5	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:17.618781090 CET	192.168.2.4	8.8.8.8	0xd8f4	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:17.770823002 CET	192.168.2.4	8.8.8.8	0x9e5f	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:17.903266907 CET	192.168.2.4	8.8.8.8	0x6af9	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:18.039078951 CET	192.168.2.4	8.8.8.8	0x97	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:18.178113937 CET	192.168.2.4	8.8.8.8	0x83da	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:18.315351009 CET	192.168.2.4	8.8.8.8	0xa894	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:18.451560020 CET	192.168.2.4	8.8.8.8	0x45ec	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:18.597878933 CET	192.168.2.4	8.8.8.8	0xac40	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:18.728010893 CET	192.168.2.4	8.8.8.8	0x1f0b	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:18.863476038 CET	192.168.2.4	8.8.8.8	0x185c	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:18.994781017 CET	192.168.2.4	8.8.8.8	0x3c31	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:19.159801006 CET	192.168.2.4	8.8.8.8	0xd627	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:19.293051958 CET	192.168.2.4	8.8.8.8	0x1ef3	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:19.449517012 CET	192.168.2.4	8.8.8.8	0xa0ad	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:19.588749886 CET	192.168.2.4	8.8.8.8	0xe95e	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:19.723443031 CET	192.168.2.4	8.8.8.8	0x5425	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:19.854664087 CET	192.168.2.4	8.8.8.8	0x5fa2	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:20.005142927 CET	192.168.2.4	8.8.8.8	0x99f	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:20.140417099 CET	192.168.2.4	8.8.8.8	0xacdc	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:20.296498060 CET	192.168.2.4	8.8.8.8	0xb2ea	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:20.463917971 CET	192.168.2.4	8.8.8.8	0x456b	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:20.612943888 CET	192.168.2.4	8.8.8.8	0xd947	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:20.744800091 CET	192.168.2.4	8.8.8.8	0x7df7	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:20.878829002 CET	192.168.2.4	8.8.8.8	0xe0f0	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:21.009624958 CET	192.168.2.4	8.8.8.8	0x510b	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:21.142291069 CET	192.168.2.4	8.8.8.8	0x4ec1	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:21.277354956 CET	192.168.2.4	8.8.8.8	0xfb67	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:21.473665953 CET	192.168.2.4	8.8.8.8	0x22d7	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:21.603286028 CET	192.168.2.4	8.8.8.8	0x26	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:21.743912935 CET	192.168.2.4	8.8.8.8	0xcf5e	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:21.886195898 CET	192.168.2.4	8.8.8.8	0x450e	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:22.039921999 CET	192.168.2.4	8.8.8.8	0xdfe8	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:22.197942019 CET	192.168.2.4	8.8.8.8	0x36f0	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:22.332823038 CET	192.168.2.4	8.8.8.8	0xd46b	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:22.464502096 CET	192.168.2.4	8.8.8.8	0x445e	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:22.617088079 CET	192.168.2.4	8.8.8.8	0x6d5b	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:22.756078959 CET	192.168.2.4	8.8.8.8	0xa2b7	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:22.895536900 CET	192.168.2.4	8.8.8.8	0x4737	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:23.030410051 CET	192.168.2.4	8.8.8.8	0x8d02	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:23.177103996 CET	192.168.2.4	8.8.8.8	0xf774	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:23.308147907 CET	192.168.2.4	8.8.8.8	0x1eaa	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:23.442665100 CET	192.168.2.4	8.8.8.8	0xfc55	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:23.574049950 CET	192.168.2.4	8.8.8.8	0x57e1	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:23.713648081 CET	192.168.2.4	8.8.8.8	0xe99c	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:23.855782032 CET	192.168.2.4	8.8.8.8	0xb8b4	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:23.994050026 CET	192.168.2.4	8.8.8.8	0xa0d6	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:24.545664072 CET	192.168.2.4	8.8.8.8	0x85ce	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:24.681646109 CET	192.168.2.4	8.8.8.8	0x7701	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:24.814217091 CET	192.168.2.4	8.8.8.8	0x16cd	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:24.948925018 CET	192.168.2.4	8.8.8.8	0x3472	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:25.083853960 CET	192.168.2.4	8.8.8.8	0xbfa8	Standard query (0)	toopdyno2.duckdns.org	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class
Mar 15, 2022 17:29:33.760276079 CET	8.8.8.8	192.168.2.4	0xa119	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:33.890690088 CET	8.8.8.8	192.168.2.4	0x95c3	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:34.146040916 CET	8.8.8.8	192.168.2.4	0xb26	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:34.326905012 CET	8.8.8.8	192.168.2.4	0x77b3	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:34.549693108 CET	8.8.8.8	192.168.2.4	0x3600	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:34.706393003 CET	8.8.8.8	192.168.2.4	0x2dca	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:34.921637058 CET	8.8.8.8	192.168.2.4	0xbdb5	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:35.357336044 CET	8.8.8.8	192.168.2.4	0x18af	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:35.634143114 CET	8.8.8.8	192.168.2.4	0xd951	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:35.881172895 CET	8.8.8.8	192.168.2.4	0x3f3d	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:36.025619984 CET	8.8.8.8	192.168.2.4	0xe7fc	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:36.952472925 CET	8.8.8.8	192.168.2.4	0x606c	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:37.083872080 CET	8.8.8.8	192.168.2.4	0xd46c	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:37.306549072 CET	8.8.8.8	192.168.2.4	0x6082	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:37.465749025 CET	8.8.8.8	192.168.2.4	0x3a97	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:39.039035082 CET	8.8.8.8	192.168.2.4	0xbf05	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:39.247200966 CET	8.8.8.8	192.168.2.4	0x9e03	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:39.444010973 CET	8.8.8.8	192.168.2.4	0x4acb	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:39.583849907 CET	8.8.8.8	192.168.2.4	0xd74e	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:39.771110058 CET	8.8.8.8	192.168.2.4	0x3ea6	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:39.899733067 CET	8.8.8.8	192.168.2.4	0xbeeb	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:40.111679077 CET	8.8.8.8	192.168.2.4	0xe9f1	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:40.240329981 CET	8.8.8.8	192.168.2.4	0xf38d	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:40.557349920 CET	8.8.8.8	192.168.2.4	0x8e9e	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:40.692433119 CET	8.8.8.8	192.168.2.4	0xba1a	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:40.855489969 CET	8.8.8.8	192.168.2.4	0x5115	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:40.989217043 CET	8.8.8.8	192.168.2.4	0x4d80	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:41.139244080 CET	8.8.8.8	192.168.2.4	0xd74a	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:41.279700994 CET	8.8.8.8	192.168.2.4	0xf8b7	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:41.431776047 CET	8.8.8.8	192.168.2.4	0x20ac	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:41.565788984 CET	8.8.8.8	192.168.2.4	0xcba2	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:41.745071888 CET	8.8.8.8	192.168.2.4	0x6d75	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:41.880951881 CET	8.8.8.8	192.168.2.4	0x2db6	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:42.049738884 CET	8.8.8.8	192.168.2.4	0x6153	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:42.177319050 CET	8.8.8.8	192.168.2.4	0xac53	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:42.323925972 CET	8.8.8.8	192.168.2.4	0x9da9	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:42.466800928 CET	8.8.8.8	192.168.2.4	0xcd2b	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:42.820755959 CET	8.8.8.8	192.168.2.4	0x1a8a	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:42.967655897 CET	8.8.8.8	192.168.2.4	0x81a8	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:43.167829037 CET	8.8.8.8	192.168.2.4	0x19e3	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:43.299453020 CET	8.8.8.8	192.168.2.4	0x4cc5	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:43.443061113 CET	8.8.8.8	192.168.2.4	0x2b1	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:43.585890055 CET	8.8.8.8	192.168.2.4	0xafe	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:43.750031948 CET	8.8.8.8	192.168.2.4	0x72f5	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:43.895330906 CET	8.8.8.8	192.168.2.4	0xa8f9	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:44.039827108 CET	8.8.8.8	192.168.2.4	0x8de6	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:44.179991007 CET	8.8.8.8	192.168.2.4	0x8a40	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:44.348366022 CET	8.8.8.8	192.168.2.4	0x56a8	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:44.490300894 CET	8.8.8.8	192.168.2.4	0x9759	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:44.637110949 CET	8.8.8.8	192.168.2.4	0x643a	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:44.779727936 CET	8.8.8.8	192.168.2.4	0x7fa7	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:44.933744907 CET	8.8.8.8	192.168.2.4	0x6f68	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:45.107484102 CET	8.8.8.8	192.168.2.4	0xb653	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:45.265202999 CET	8.8.8.8	192.168.2.4	0xdd0b	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:45.409183979 CET	8.8.8.8	192.168.2.4	0xf674	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:45.572304964 CET	8.8.8.8	192.168.2.4	0x4a26	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:45.724627018 CET	8.8.8.8	192.168.2.4	0xfa11	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:45.888439894 CET	8.8.8.8	192.168.2.4	0x70b0	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:46.021044016 CET	8.8.8.8	192.168.2.4	0xf350	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:46.225924969 CET	8.8.8.8	192.168.2.4	0x6464	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:46.365500927 CET	8.8.8.8	192.168.2.4	0x99fc	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:46.533639908 CET	8.8.8.8	192.168.2.4	0x71fa	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:46.662447929 CET	8.8.8.8	192.168.2.4	0xd9d8	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:46.811825991 CET	8.8.8.8	192.168.2.4	0x390a	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:46.963313103 CET	8.8.8.8	192.168.2.4	0x6d60	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:47.116580963 CET	8.8.8.8	192.168.2.4	0x934f	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:47.683182001 CET	8.8.8.8	192.168.2.4	0xe56c	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:47.861162901 CET	8.8.8.8	192.168.2.4	0xe9ed	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:48.067550898 CET	8.8.8.8	192.168.2.4	0xdd3d	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:48.426589966 CET	8.8.8.8	192.168.2.4	0xef52	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:48.579442024 CET	8.8.8.8	192.168.2.4	0x36fc	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:48.709938049 CET	8.8.8.8	192.168.2.4	0x150d	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:48.872443914 CET	8.8.8.8	192.168.2.4	0xbbdb	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:49.007533073 CET	8.8.8.8	192.168.2.4	0xc928	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:49.179680109 CET	8.8.8.8	192.168.2.4	0xa1b9	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:49.317950964 CET	8.8.8.8	192.168.2.4	0xa7e9	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:49.467946053 CET	8.8.8.8	192.168.2.4	0x2141	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:49.613773108 CET	8.8.8.8	192.168.2.4	0x1d0b	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:49.765499115 CET	8.8.8.8	192.168.2.4	0x9609	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:49.933196068 CET	8.8.8.8	192.168.2.4	0x6dc0	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:50.085282087 CET	8.8.8.8	192.168.2.4	0x8165	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:50.225434065 CET	8.8.8.8	192.168.2.4	0xe06f	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:50.416547060 CET	8.8.8.8	192.168.2.4	0xb810	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:50.552664995 CET	8.8.8.8	192.168.2.4	0x3563	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:50.723253012 CET	8.8.8.8	192.168.2.4	0x52d2	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:50.849601984 CET	8.8.8.8	192.168.2.4	0xe3a8	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:50.999639988 CET	8.8.8.8	192.168.2.4	0xad70	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:51.143691063 CET	8.8.8.8	192.168.2.4	0xc53e	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:51.292397022 CET	8.8.8.8	192.168.2.4	0x4c10	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:51.428209066 CET	8.8.8.8	192.168.2.4	0x9551	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:51.608129025 CET	8.8.8.8	192.168.2.4	0xba6e	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:51.741764069 CET	8.8.8.8	192.168.2.4	0x3000	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:51.928289890 CET	8.8.8.8	192.168.2.4	0x9076	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:52.053303957 CET	8.8.8.8	192.168.2.4	0x5d8b	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:52.218220949 CET	8.8.8.8	192.168.2.4	0x4111	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:52.352193117 CET	8.8.8.8	192.168.2.4	0x723b	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:52.517158031 CET	8.8.8.8	192.168.2.4	0x2b27	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:52.643743038 CET	8.8.8.8	192.168.2.4	0x8c22	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:52.795270920 CET	8.8.8.8	192.168.2.4	0xe13	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:52.929344893 CET	8.8.8.8	192.168.2.4	0xd495	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:53.087909937 CET	8.8.8.8	192.168.2.4	0x6934	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:53.229262114 CET	8.8.8.8	192.168.2.4	0xefff	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:53.399960041 CET	8.8.8.8	192.168.2.4	0x15a1	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:53.576560020 CET	8.8.8.8	192.168.2.4	0x8e98	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:53.732767105 CET	8.8.8.8	192.168.2.4	0xe9c8	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:53.881146908 CET	8.8.8.8	192.168.2.4	0x2219	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:54.022995949 CET	8.8.8.8	192.168.2.4	0x2154	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:54.164764881 CET	8.8.8.8	192.168.2.4	0x88c3	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:54.335916996 CET	8.8.8.8	192.168.2.4	0x4e9	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:55.124010086 CET	8.8.8.8	192.168.2.4	0x4641	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:55.291604996 CET	8.8.8.8	192.168.2.4	0x176d	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:56.029058933 CET	8.8.8.8	192.168.2.4	0xeeec	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:56.213742018 CET	8.8.8.8	192.168.2.4	0xd166	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:56.430938959 CET	8.8.8.8	192.168.2.4	0x52f6	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:56.626565933 CET	8.8.8.8	192.168.2.4	0xdb41	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:57.965049028 CET	8.8.8.8	192.168.2.4	0x9bc1	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:58.099390984 CET	8.8.8.8	192.168.2.4	0x4810	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:58.251347065 CET	8.8.8.8	192.168.2.4	0x9563	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:58.381542921 CET	8.8.8.8	192.168.2.4	0x9952	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:58.522675037 CET	8.8.8.8	192.168.2.4	0xdd4f	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:58.675678015 CET	8.8.8.8	192.168.2.4	0x662d	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:58.828243971 CET	8.8.8.8	192.168.2.4	0x1d29	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:58.964571953 CET	8.8.8.8	192.168.2.4	0x3408	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:59.159034967 CET	8.8.8.8	192.168.2.4	0xf325	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:59.292448044 CET	8.8.8.8	192.168.2.4	0xc0f3	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:59.444762945 CET	8.8.8.8	192.168.2.4	0x40a2	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:59.569571972 CET	8.8.8.8	192.168.2.4	0xb2b7	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:59.721537113 CET	8.8.8.8	192.168.2.4	0x93b7	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:29:59.873231888 CET	8.8.8.8	192.168.2.4	0x647b	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:00.022809029 CET	8.8.8.8	192.168.2.4	0x3f8b	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:00.164640903 CET	8.8.8.8	192.168.2.4	0xae67	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:00.327310085 CET	8.8.8.8	192.168.2.4	0xee13	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:00.456914902 CET	8.8.8.8	192.168.2.4	0x1f1	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:00.596313000 CET	8.8.8.8	192.168.2.4	0x339b	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:00.728971958 CET	8.8.8.8	192.168.2.4	0x5de4	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:00.890610933 CET	8.8.8.8	192.168.2.4	0x7dda	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:01.029273033 CET	8.8.8.8	192.168.2.4	0x168	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:01.214709997 CET	8.8.8.8	192.168.2.4	0xb906	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:01.350847006 CET	8.8.8.8	192.168.2.4	0xd329	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:01.492535114 CET	8.8.8.8	192.168.2.4	0xb667	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:01.934509039 CET	8.8.8.8	192.168.2.4	0xf103	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:02.314338923 CET	8.8.8.8	192.168.2.4	0x8548	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:02.455672979 CET	8.8.8.8	192.168.2.4	0xc1c3	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:02.586395979 CET	8.8.8.8	192.168.2.4	0x6c89	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:02.743869066 CET	8.8.8.8	192.168.2.4	0xd856	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:02.881593943 CET	8.8.8.8	192.168.2.4	0x6e05	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:03.016602993 CET	8.8.8.8	192.168.2.4	0x289b	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:03.153498888 CET	8.8.8.8	192.168.2.4	0x8af	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:03.299031019 CET	8.8.8.8	192.168.2.4	0x2b8	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:03.428560972 CET	8.8.8.8	192.168.2.4	0x28f3	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:03.573165894 CET	8.8.8.8	192.168.2.4	0xc471	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:03.709990025 CET	8.8.8.8	192.168.2.4	0x583d	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:03.848809004 CET	8.8.8.8	192.168.2.4	0xf062	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:03.975824118 CET	8.8.8.8	192.168.2.4	0x40e	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:04.115051985 CET	8.8.8.8	192.168.2.4	0xd282	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:04.255137920 CET	8.8.8.8	192.168.2.4	0xf301	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:04.404195070 CET	8.8.8.8	192.168.2.4	0xf391	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:04.537368059 CET	8.8.8.8	192.168.2.4	0x7da5	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:04.680016041 CET	8.8.8.8	192.168.2.4	0xd568	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:04.826606035 CET	8.8.8.8	192.168.2.4	0x1ecc	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:04.973257065 CET	8.8.8.8	192.168.2.4	0x5e42	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:05.131773949 CET	8.8.8.8	192.168.2.4	0x118b	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:05.270051003 CET	8.8.8.8	192.168.2.4	0x5aeb	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:05.398745060 CET	8.8.8.8	192.168.2.4	0xa17	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:05.593168974 CET	8.8.8.8	192.168.2.4	0xa898	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:05.731939077 CET	8.8.8.8	192.168.2.4	0xee8f	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:05.877988100 CET	8.8.8.8	192.168.2.4	0x332b	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:06.006896973 CET	8.8.8.8	192.168.2.4	0x7465	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:06.138079882 CET	8.8.8.8	192.168.2.4	0x77c4	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:06.274414062 CET	8.8.8.8	192.168.2.4	0xb565	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:06.420639038 CET	8.8.8.8	192.168.2.4	0x2fa2	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:06.552870989 CET	8.8.8.8	192.168.2.4	0xa53e	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:06.685159922 CET	8.8.8.8	192.168.2.4	0xeeb7	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:06.821084023 CET	8.8.8.8	192.168.2.4	0x92e9	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:06.968533039 CET	8.8.8.8	192.168.2.4	0x4173	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:07.100446939 CET	8.8.8.8	192.168.2.4	0x3f52	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:07.232486010 CET	8.8.8.8	192.168.2.4	0xcfa0	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:07.370012999 CET	8.8.8.8	192.168.2.4	0x5eb5	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:07.520174026 CET	8.8.8.8	192.168.2.4	0xf95c	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:07.666697025 CET	8.8.8.8	192.168.2.4	0x3687	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:07.819798946 CET	8.8.8.8	192.168.2.4	0xcc0d	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:07.947582006 CET	8.8.8.8	192.168.2.4	0x3400	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:08.104408026 CET	8.8.8.8	192.168.2.4	0x479b	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:08.240585089 CET	8.8.8.8	192.168.2.4	0x20cf	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:08.378551006 CET	8.8.8.8	192.168.2.4	0x2e07	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:08.506350994 CET	8.8.8.8	192.168.2.4	0x857a	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:08.680377007 CET	8.8.8.8	192.168.2.4	0x733a	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:08.821408987 CET	8.8.8.8	192.168.2.4	0x10d5	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:08.988440037 CET	8.8.8.8	192.168.2.4	0xc47c	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:09.113672018 CET	8.8.8.8	192.168.2.4	0x6e53	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:09.252300978 CET	8.8.8.8	192.168.2.4	0x5bd	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:09.383039951 CET	8.8.8.8	192.168.2.4	0x95fb	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:09.753591061 CET	8.8.8.8	192.168.2.4	0xa7b5	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:09.883198977 CET	8.8.8.8	192.168.2.4	0x6b22	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:10.040194988 CET	8.8.8.8	192.168.2.4	0xf9a5	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:10.180450916 CET	8.8.8.8	192.168.2.4	0x1a5f	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:10.328402996 CET	8.8.8.8	192.168.2.4	0x7f34	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:10.465616941 CET	8.8.8.8	192.168.2.4	0x6345	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:10.608251095 CET	8.8.8.8	192.168.2.4	0x31e5	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:10.743135929 CET	8.8.8.8	192.168.2.4	0x99c3	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:10.897877932 CET	8.8.8.8	192.168.2.4	0xb893	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:11.027151108 CET	8.8.8.8	192.168.2.4	0x4a95	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:11.175606966 CET	8.8.8.8	192.168.2.4	0xa2fb	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:11.303282022 CET	8.8.8.8	192.168.2.4	0xdc1b	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:11.446461916 CET	8.8.8.8	192.168.2.4	0xf9b4	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:11.590050936 CET	8.8.8.8	192.168.2.4	0xbbc2	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:11.731539011 CET	8.8.8.8	192.168.2.4	0x165c	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:11.865102053 CET	8.8.8.8	192.168.2.4	0xd55	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:12.008852959 CET	8.8.8.8	192.168.2.4	0xa2b6	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:12.146754980 CET	8.8.8.8	192.168.2.4	0x53ef	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:12.283169031 CET	8.8.8.8	192.168.2.4	0xe11e	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:12.441983938 CET	8.8.8.8	192.168.2.4	0xeb56	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:12.580715895 CET	8.8.8.8	192.168.2.4	0xce0b	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:12.716562986 CET	8.8.8.8	192.168.2.4	0x9ebc	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:12.863082886 CET	8.8.8.8	192.168.2.4	0xb1a0	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:12.996323109 CET	8.8.8.8	192.168.2.4	0xb0ec	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:13.170902014 CET	8.8.8.8	192.168.2.4	0x9a7f	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:13.304702997 CET	8.8.8.8	192.168.2.4	0xe7e4	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:13.626056910 CET	8.8.8.8	192.168.2.4	0x6c83	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:13.782706976 CET	8.8.8.8	192.168.2.4	0x2b87	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:13.929697037 CET	8.8.8.8	192.168.2.4	0x54d9	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:14.101126909 CET	8.8.8.8	192.168.2.4	0x855d	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:14.233875036 CET	8.8.8.8	192.168.2.4	0xdbe9	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:14.983457088 CET	8.8.8.8	192.168.2.4	0x6b56	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:15.166443110 CET	8.8.8.8	192.168.2.4	0x9880	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:15.307991028 CET	8.8.8.8	192.168.2.4	0xa9d0	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:15.522810936 CET	8.8.8.8	192.168.2.4	0xfbd5	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:16.724888086 CET	8.8.8.8	192.168.2.4	0x6074	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:16.929416895 CET	8.8.8.8	192.168.2.4	0x6fb	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:17.341285944 CET	8.8.8.8	192.168.2.4	0xac77	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:17.492711067 CET	8.8.8.8	192.168.2.4	0x43de	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:17.631035089 CET	8.8.8.8	192.168.2.4	0x81f6	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:17.760217905 CET	8.8.8.8	192.168.2.4	0xdb1b	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:17.904742002 CET	8.8.8.8	192.168.2.4	0x12a3	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:18.040107965 CET	8.8.8.8	192.168.2.4	0xab37	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:18.175719023 CET	8.8.8.8	192.168.2.4	0x476f	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:18.306953907 CET	8.8.8.8	192.168.2.4	0xcb6a	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:18.476408958 CET	8.8.8.8	192.168.2.4	0xd443	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:18.603069067 CET	8.8.8.8	192.168.2.4	0x5321	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:18.752887964 CET	8.8.8.8	192.168.2.4	0x9ac2	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:18.888405085 CET	8.8.8.8	192.168.2.4	0xe1b1	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:19.030623913 CET	8.8.8.8	192.168.2.4	0xd873	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:19.203591108 CET	8.8.8.8	192.168.2.4	0x32dd	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:19.351428986 CET	8.8.8.8	192.168.2.4	0x271d	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:19.482044935 CET	8.8.8.8	192.168.2.4	0x9ee0	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:19.633507967 CET	8.8.8.8	192.168.2.4	0xc816	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:19.758385897 CET	8.8.8.8	192.168.2.4	0xf465	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:19.896960020 CET	8.8.8.8	192.168.2.4	0x5cc4	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:20.040760994 CET	8.8.8.8	192.168.2.4	0x6450	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:20.202105045 CET	8.8.8.8	192.168.2.4	0x9bea	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:20.339260101 CET	8.8.8.8	192.168.2.4	0xe25c	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:20.488132954 CET	8.8.8.8	192.168.2.4	0x4212	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:20.616149902 CET	8.8.8.8	192.168.2.4	0xf215	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:20.752695084 CET	8.8.8.8	192.168.2.4	0x9f27	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:20.899079084 CET	8.8.8.8	192.168.2.4	0xfedf	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:21.042318106 CET	8.8.8.8	192.168.2.4	0x24d1	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:21.178360939 CET	8.8.8.8	192.168.2.4	0x242c	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:21.313546896 CET	8.8.8.8	192.168.2.4	0x3e6a	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:21.473917007 CET	8.8.8.8	192.168.2.4	0xfc7c	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:21.617309093 CET	8.8.8.8	192.168.2.4	0x5ebf	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:21.756213903 CET	8.8.8.8	192.168.2.4	0x1573	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:21.909617901 CET	8.8.8.8	192.168.2.4	0x463b	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:22.040858984 CET	8.8.8.8	192.168.2.4	0x59e4	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:22.207859039 CET	8.8.8.8	192.168.2.4	0xe63b	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:22.338732958 CET	8.8.8.8	192.168.2.4	0xef46	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:22.495110035 CET	8.8.8.8	192.168.2.4	0x2d65	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:22.647739887 CET	8.8.8.8	192.168.2.4	0x5348	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:22.780802965 CET	8.8.8.8	192.168.2.4	0xd621	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:22.916409969 CET	8.8.8.8	192.168.2.4	0xd35b	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:23.071885109 CET	8.8.8.8	192.168.2.4	0x4807	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:23.214936018 CET	8.8.8.8	192.168.2.4	0x31a0	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:23.363605976 CET	8.8.8.8	192.168.2.4	0x8407	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:23.495484114 CET	8.8.8.8	192.168.2.4	0x51f4	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:23.675426960 CET	8.8.8.8	192.168.2.4	0x2406	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:23.805543900 CET	8.8.8.8	192.168.2.4	0xe2d3	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:23.960712910 CET	8.8.8.8	192.168.2.4	0x4754	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:24.086658955 CET	8.8.8.8	192.168.2.4	0xca5	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:24.229386091 CET	8.8.8.8	192.168.2.4	0x37e1	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:24.367247105 CET	8.8.8.8	192.168.2.4	0x2b78	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:24.517924070 CET	8.8.8.8	192.168.2.4	0xae39	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:24.647181988 CET	8.8.8.8	192.168.2.4	0x71d	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:24.780109882 CET	8.8.8.8	192.168.2.4	0x8c36	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:24.914072037 CET	8.8.8.8	192.168.2.4	0x4f18	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:25.057841063 CET	8.8.8.8	192.168.2.4	0x913	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:25.194220066 CET	8.8.8.8	192.168.2.4	0x2f37	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:25.337059021 CET	8.8.8.8	192.168.2.4	0xc266	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:25.460946083 CET	8.8.8.8	192.168.2.4	0x48fd	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:25.627626896 CET	8.8.8.8	192.168.2.4	0x9aba	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:25.760214090 CET	8.8.8.8	192.168.2.4	0x3cde	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:25.907253027 CET	8.8.8.8	192.168.2.4	0xe9a5	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:26.042213917 CET	8.8.8.8	192.168.2.4	0x7e51	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:26.195887089 CET	8.8.8.8	192.168.2.4	0x7e8d	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:26.322693110 CET	8.8.8.8	192.168.2.4	0x4d2e	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:26.491316080 CET	8.8.8.8	192.168.2.4	0x9f93	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:27.038790941 CET	8.8.8.8	192.168.2.4	0x2b1d	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:27.182220936 CET	8.8.8.8	192.168.2.4	0x3fa8	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:27.336577892 CET	8.8.8.8	192.168.2.4	0x45c0	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:27.481342077 CET	8.8.8.8	192.168.2.4	0xed35	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:27.631014109 CET	8.8.8.8	192.168.2.4	0x5d	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:27.795586109 CET	8.8.8.8	192.168.2.4	0x39b1	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:27.943001032 CET	8.8.8.8	192.168.2.4	0xd5f7	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:28.071975946 CET	8.8.8.8	192.168.2.4	0xf9fd	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:28.236367941 CET	8.8.8.8	192.168.2.4	0x26ac	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:28.367192984 CET	8.8.8.8	192.168.2.4	0xb93c	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:28.505263090 CET	8.8.8.8	192.168.2.4	0xbacc	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:28.643764019 CET	8.8.8.8	192.168.2.4	0xbbbe	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:28.783031940 CET	8.8.8.8	192.168.2.4	0x4be0	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:28.919316053 CET	8.8.8.8	192.168.2.4	0x65fc	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:29.061259985 CET	8.8.8.8	192.168.2.4	0xe215	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:29.196772099 CET	8.8.8.8	192.168.2.4	0x5135	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:29.330326080 CET	8.8.8.8	192.168.2.4	0xdc84	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:29.462021112 CET	8.8.8.8	192.168.2.4	0xd124	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:29.599013090 CET	8.8.8.8	192.168.2.4	0x50a0	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:29.728177071 CET	8.8.8.8	192.168.2.4	0xc3c0	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:29.902156115 CET	8.8.8.8	192.168.2.4	0xf64f	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:30.039398909 CET	8.8.8.8	192.168.2.4	0x9499	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:30.204462051 CET	8.8.8.8	192.168.2.4	0x11e4	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:30.335052013 CET	8.8.8.8	192.168.2.4	0x9a53	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:30.472304106 CET	8.8.8.8	192.168.2.4	0x6c08	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:30.605082989 CET	8.8.8.8	192.168.2.4	0xd488	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:30.751559973 CET	8.8.8.8	192.168.2.4	0xacc4	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:30.887574911 CET	8.8.8.8	192.168.2.4	0xf094	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:31.029407978 CET	8.8.8.8	192.168.2.4	0xb3fc	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:31.164482117 CET	8.8.8.8	192.168.2.4	0x7abf	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:31.296340942 CET	8.8.8.8	192.168.2.4	0xc513	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:31.434876919 CET	8.8.8.8	192.168.2.4	0xc2d5	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:31.586222887 CET	8.8.8.8	192.168.2.4	0xcd11	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:31.727612019 CET	8.8.8.8	192.168.2.4	0x7b1a	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:31.860349894 CET	8.8.8.8	192.168.2.4	0x83f	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:31.998081923 CET	8.8.8.8	192.168.2.4	0x5609	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:32.189152002 CET	8.8.8.8	192.168.2.4	0x64b	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:32.532346964 CET	8.8.8.8	192.168.2.4	0x7c69	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:32.672714949 CET	8.8.8.8	192.168.2.4	0x6762	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:32.809459925 CET	8.8.8.8	192.168.2.4	0x4c2a	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:32.992866993 CET	8.8.8.8	192.168.2.4	0x5c74	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:33.118432999 CET	8.8.8.8	192.168.2.4	0x4267	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:33.713342905 CET	8.8.8.8	192.168.2.4	0x42a4	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:33.855038881 CET	8.8.8.8	192.168.2.4	0x70ef	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:34.044529915 CET	8.8.8.8	192.168.2.4	0x593d	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:34.271450043 CET	8.8.8.8	192.168.2.4	0xe672	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:35.630825996 CET	8.8.8.8	192.168.2.4	0x51b8	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:35.779808044 CET	8.8.8.8	192.168.2.4	0x6f67	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:36.014369011 CET	8.8.8.8	192.168.2.4	0xa0a2	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:36.150413036 CET	8.8.8.8	192.168.2.4	0x8765	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:36.399511099 CET	8.8.8.8	192.168.2.4	0xb37e	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:36.530852079 CET	8.8.8.8	192.168.2.4	0x5aca	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:36.766781092 CET	8.8.8.8	192.168.2.4	0x688c	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:36.902215004 CET	8.8.8.8	192.168.2.4	0x3ada	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:37.167648077 CET	8.8.8.8	192.168.2.4	0x3a46	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:37.308546066 CET	8.8.8.8	192.168.2.4	0x452c	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:37.496300936 CET	8.8.8.8	192.168.2.4	0xc5cd	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:37.633675098 CET	8.8.8.8	192.168.2.4	0x9720	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:37.996308088 CET	8.8.8.8	192.168.2.4	0x84d	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:38.135931969 CET	8.8.8.8	192.168.2.4	0xe092	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:38.288059950 CET	8.8.8.8	192.168.2.4	0x75c6	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:38.417836905 CET	8.8.8.8	192.168.2.4	0xb56a	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:38.573399067 CET	8.8.8.8	192.168.2.4	0x99a7	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:38.811264992 CET	8.8.8.8	192.168.2.4	0x30a7	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:38.957926989 CET	8.8.8.8	192.168.2.4	0x34b8	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:39.090362072 CET	8.8.8.8	192.168.2.4	0x9f64	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:39.237366915 CET	8.8.8.8	192.168.2.4	0xe0fa	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:39.377111912 CET	8.8.8.8	192.168.2.4	0x2c9c	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:39.523741961 CET	8.8.8.8	192.168.2.4	0xf788	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:39.648911953 CET	8.8.8.8	192.168.2.4	0xade2	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:39.834811926 CET	8.8.8.8	192.168.2.4	0x428	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:39.964608908 CET	8.8.8.8	192.168.2.4	0xe13f	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:40.115458012 CET	8.8.8.8	192.168.2.4	0xa011	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:40.243098021 CET	8.8.8.8	192.168.2.4	0x41a5	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:40.472908020 CET	8.8.8.8	192.168.2.4	0x5f32	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:40.604947090 CET	8.8.8.8	192.168.2.4	0x679a	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:40.757191896 CET	8.8.8.8	192.168.2.4	0xfa8b	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:40.896919012 CET	8.8.8.8	192.168.2.4	0x3de6	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:41.036262989 CET	8.8.8.8	192.168.2.4	0x7b56	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:41.168570995 CET	8.8.8.8	192.168.2.4	0x55ec	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:41.321962118 CET	8.8.8.8	192.168.2.4	0xa9c8	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:41.463291883 CET	8.8.8.8	192.168.2.4	0x939f	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:41.597496986 CET	8.8.8.8	192.168.2.4	0x7021	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:41.728035927 CET	8.8.8.8	192.168.2.4	0xebcf	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:41.904182911 CET	8.8.8.8	192.168.2.4	0xe0e3	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:42.045459032 CET	8.8.8.8	192.168.2.4	0xe2ec	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:42.206296921 CET	8.8.8.8	192.168.2.4	0xdafe	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:42.336863041 CET	8.8.8.8	192.168.2.4	0x4a7d	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:42.471606970 CET	8.8.8.8	192.168.2.4	0xb6ec	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:42.623369932 CET	8.8.8.8	192.168.2.4	0xd780	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:42.771013975 CET	8.8.8.8	192.168.2.4	0x9c14	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:42.902998924 CET	8.8.8.8	192.168.2.4	0x7e6c	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:43.056319952 CET	8.8.8.8	192.168.2.4	0xf295	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:43.205044985 CET	8.8.8.8	192.168.2.4	0xb9b7	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:43.354501009 CET	8.8.8.8	192.168.2.4	0xd3b8	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:43.479001999 CET	8.8.8.8	192.168.2.4	0xfe35	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:43.637419939 CET	8.8.8.8	192.168.2.4	0xd98	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:43.773225069 CET	8.8.8.8	192.168.2.4	0xbca5	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:43.906073093 CET	8.8.8.8	192.168.2.4	0x860e	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:44.060481071 CET	8.8.8.8	192.168.2.4	0xd60	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:44.206938982 CET	8.8.8.8	192.168.2.4	0x6ce8	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:44.350548029 CET	8.8.8.8	192.168.2.4	0x3607	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:44.489320040 CET	8.8.8.8	192.168.2.4	0x240d	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:44.619196892 CET	8.8.8.8	192.168.2.4	0x6623	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:44.755786896 CET	8.8.8.8	192.168.2.4	0x4b6	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:45.087059975 CET	8.8.8.8	192.168.2.4	0x6b09	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:45.220207930 CET	8.8.8.8	192.168.2.4	0x8057	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:45.353867054 CET	8.8.8.8	192.168.2.4	0x9b30	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:45.492969036 CET	8.8.8.8	192.168.2.4	0x72b7	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:45.621145010 CET	8.8.8.8	192.168.2.4	0x651e	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:45.776271105 CET	8.8.8.8	192.168.2.4	0x1645	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:45.919970036 CET	8.8.8.8	192.168.2.4	0xa1a6	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:46.062537909 CET	8.8.8.8	192.168.2.4	0x9e90	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:46.202421904 CET	8.8.8.8	192.168.2.4	0xee4b	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:46.347420931 CET	8.8.8.8	192.168.2.4	0x746c	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:46.479461908 CET	8.8.8.8	192.168.2.4	0x3af5	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:46.621872902 CET	8.8.8.8	192.168.2.4	0x72c2	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:46.764950991 CET	8.8.8.8	192.168.2.4	0x7385	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:46.912988901 CET	8.8.8.8	192.168.2.4	0x3c3d	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:47.039863110 CET	8.8.8.8	192.168.2.4	0x5720	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:47.208169937 CET	8.8.8.8	192.168.2.4	0x697b	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:47.353674889 CET	8.8.8.8	192.168.2.4	0x662a	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:47.487025976 CET	8.8.8.8	192.168.2.4	0xa7e7	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:47.618891001 CET	8.8.8.8	192.168.2.4	0xd121	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:47.756968021 CET	8.8.8.8	192.168.2.4	0x9fe5	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:47.885518074 CET	8.8.8.8	192.168.2.4	0x1d37	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:48.050054073 CET	8.8.8.8	192.168.2.4	0x2b30	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:48.182291985 CET	8.8.8.8	192.168.2.4	0x1299	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:48.318531036 CET	8.8.8.8	192.168.2.4	0xf737	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:48.452637911 CET	8.8.8.8	192.168.2.4	0xdfd5	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:48.599626064 CET	8.8.8.8	192.168.2.4	0xe1b5	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:48.729948997 CET	8.8.8.8	192.168.2.4	0xb05f	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:48.902844906 CET	8.8.8.8	192.168.2.4	0xa96d	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:49.042249918 CET	8.8.8.8	192.168.2.4	0x5e76	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:49.188076019 CET	8.8.8.8	192.168.2.4	0x8c01	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:49.323075056 CET	8.8.8.8	192.168.2.4	0x4c6	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:49.455518961 CET	8.8.8.8	192.168.2.4	0x4e17	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:49.594281912 CET	8.8.8.8	192.168.2.4	0xa90b	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:49.744049072 CET	8.8.8.8	192.168.2.4	0x9923	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:50.136446953 CET	8.8.8.8	192.168.2.4	0x961	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:50.264385939 CET	8.8.8.8	192.168.2.4	0x79a8	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:50.413714886 CET	8.8.8.8	192.168.2.4	0x341d	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:50.541685104 CET	8.8.8.8	192.168.2.4	0xc717	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:50.674716949 CET	8.8.8.8	192.168.2.4	0xe0a	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:50.811916113 CET	8.8.8.8	192.168.2.4	0xa6bb	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:50.994733095 CET	8.8.8.8	192.168.2.4	0x13ab	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:51.169224977 CET	8.8.8.8	192.168.2.4	0xcc3b	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:51.389938116 CET	8.8.8.8	192.168.2.4	0x8db1	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:51.523274899 CET	8.8.8.8	192.168.2.4	0x537	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:51.656466007 CET	8.8.8.8	192.168.2.4	0xf4c9	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:51.833012104 CET	8.8.8.8	192.168.2.4	0xbe1b	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:51.970714092 CET	8.8.8.8	192.168.2.4	0x8595	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:52.108716011 CET	8.8.8.8	192.168.2.4	0x97e2	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:52.664807081 CET	8.8.8.8	192.168.2.4	0x2536	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:52.824918032 CET	8.8.8.8	192.168.2.4	0xbac	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:52.974417925 CET	8.8.8.8	192.168.2.4	0x6032	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:53.165549994 CET	8.8.8.8	192.168.2.4	0x91e7	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:54.244474888 CET	8.8.8.8	192.168.2.4	0x8873	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:54.369203091 CET	8.8.8.8	192.168.2.4	0x6b3e	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:54.557360888 CET	8.8.8.8	192.168.2.4	0xd33e	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:54.684055090 CET	8.8.8.8	192.168.2.4	0xdc2	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:54.812292099 CET	8.8.8.8	192.168.2.4	0x9bf6	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:54.948630095 CET	8.8.8.8	192.168.2.4	0x6548	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:55.101263046 CET	8.8.8.8	192.168.2.4	0x3a6e	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:55.534271002 CET	8.8.8.8	192.168.2.4	0xf96d	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:55.672504902 CET	8.8.8.8	192.168.2.4	0x4ab5	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:55.826105118 CET	8.8.8.8	192.168.2.4	0x3fbf	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:55.963299036 CET	8.8.8.8	192.168.2.4	0x892a	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:56.119362116 CET	8.8.8.8	192.168.2.4	0x34d2	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:56.250804901 CET	8.8.8.8	192.168.2.4	0x1b68	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:56.397926092 CET	8.8.8.8	192.168.2.4	0xb3e	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:56.524985075 CET	8.8.8.8	192.168.2.4	0xc0b0	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:56.659451008 CET	8.8.8.8	192.168.2.4	0x6863	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:56.796314001 CET	8.8.8.8	192.168.2.4	0xb055	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:56.940917969 CET	8.8.8.8	192.168.2.4	0xb9c	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:57.086941004 CET	8.8.8.8	192.168.2.4	0xd801	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:57.220892906 CET	8.8.8.8	192.168.2.4	0x4038	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:57.358076096 CET	8.8.8.8	192.168.2.4	0xdbd8	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:57.504374027 CET	8.8.8.8	192.168.2.4	0x2399	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:57.636394024 CET	8.8.8.8	192.168.2.4	0x6c43	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:57.768388987 CET	8.8.8.8	192.168.2.4	0x9ef1	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:57.900799036 CET	8.8.8.8	192.168.2.4	0x9945	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:58.058178902 CET	8.8.8.8	192.168.2.4	0xdf02	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:58.188980103 CET	8.8.8.8	192.168.2.4	0x5c7d	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:58.334605932 CET	8.8.8.8	192.168.2.4	0x50c5	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:58.465250969 CET	8.8.8.8	192.168.2.4	0xee4e	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:58.613795996 CET	8.8.8.8	192.168.2.4	0xe1eb	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:58.746138096 CET	8.8.8.8	192.168.2.4	0x39c7	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:58.884211063 CET	8.8.8.8	192.168.2.4	0x25ea	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:59.010284901 CET	8.8.8.8	192.168.2.4	0x361c	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:59.141640902 CET	8.8.8.8	192.168.2.4	0xb151	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:59.279612064 CET	8.8.8.8	192.168.2.4	0x35d2	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:59.436573029 CET	8.8.8.8	192.168.2.4	0x6cd	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:30:59.578551054 CET	8.8.8.8	192.168.2.4	0xecad	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:00.097987890 CET	8.8.8.8	192.168.2.4	0x9273	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:00.245170116 CET	8.8.8.8	192.168.2.4	0x89fd	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:00.378367901 CET	8.8.8.8	192.168.2.4	0x120d	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:00.514060020 CET	8.8.8.8	192.168.2.4	0xbfca	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:00.675729036 CET	8.8.8.8	192.168.2.4	0xdad4	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:00.816076994 CET	8.8.8.8	192.168.2.4	0xaeee	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:00.960582018 CET	8.8.8.8	192.168.2.4	0xa812	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:01.126727104 CET	8.8.8.8	192.168.2.4	0xa1f5	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:01.270226002 CET	8.8.8.8	192.168.2.4	0x80cf	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:01.401133060 CET	8.8.8.8	192.168.2.4	0x5fc6	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:01.539742947 CET	8.8.8.8	192.168.2.4	0xb907	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:01.674350023 CET	8.8.8.8	192.168.2.4	0x770d	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:01.815763950 CET	8.8.8.8	192.168.2.4	0xe237	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:01.950217962 CET	8.8.8.8	192.168.2.4	0xb793	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:02.102514982 CET	8.8.8.8	192.168.2.4	0x476e	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:02.247231960 CET	8.8.8.8	192.168.2.4	0xeca7	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:02.382541895 CET	8.8.8.8	192.168.2.4	0x97ed	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:02.515697002 CET	8.8.8.8	192.168.2.4	0xc39b	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:02.661336899 CET	8.8.8.8	192.168.2.4	0x5885	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:02.792656898 CET	8.8.8.8	192.168.2.4	0xceee	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:02.950139046 CET	8.8.8.8	192.168.2.4	0x5597	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:03.075588942 CET	8.8.8.8	192.168.2.4	0xca12	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:03.222717047 CET	8.8.8.8	192.168.2.4	0xfe25	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:03.356784105 CET	8.8.8.8	192.168.2.4	0x3b48	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:03.506422043 CET	8.8.8.8	192.168.2.4	0xc874	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:03.649044037 CET	8.8.8.8	192.168.2.4	0xc79a	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:03.794909954 CET	8.8.8.8	192.168.2.4	0x379b	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:03.933031082 CET	8.8.8.8	192.168.2.4	0x3f3e	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:04.068224907 CET	8.8.8.8	192.168.2.4	0x2de9	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:04.200100899 CET	8.8.8.8	192.168.2.4	0xe528	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:04.333100080 CET	8.8.8.8	192.168.2.4	0x6c57	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:04.480528116 CET	8.8.8.8	192.168.2.4	0x258d	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:04.603451967 CET	8.8.8.8	192.168.2.4	0xd8b2	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:04.760055065 CET	8.8.8.8	192.168.2.4	0xfbb5	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:04.887797117 CET	8.8.8.8	192.168.2.4	0xec4c	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:05.020205975 CET	8.8.8.8	192.168.2.4	0x453d	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:05.157500982 CET	8.8.8.8	192.168.2.4	0x17c5	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:05.320660114 CET	8.8.8.8	192.168.2.4	0xe00a	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:05.451251030 CET	8.8.8.8	192.168.2.4	0x23ef	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:05.608686924 CET	8.8.8.8	192.168.2.4	0x9fa8	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:05.745346069 CET	8.8.8.8	192.168.2.4	0x7ac8	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:05.893616915 CET	8.8.8.8	192.168.2.4	0x4380	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:06.030781031 CET	8.8.8.8	192.168.2.4	0xaec0	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:06.189080954 CET	8.8.8.8	192.168.2.4	0xe7db	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:06.326080084 CET	8.8.8.8	192.168.2.4	0x65a6	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:06.476687908 CET	8.8.8.8	192.168.2.4	0xe336	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:06.641040087 CET	8.8.8.8	192.168.2.4	0x819d	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:06.792604923 CET	8.8.8.8	192.168.2.4	0x176e	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:06.938914061 CET	8.8.8.8	192.168.2.4	0x579	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:07.095290899 CET	8.8.8.8	192.168.2.4	0xf0a2	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:07.230721951 CET	8.8.8.8	192.168.2.4	0xd873	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:07.381972075 CET	8.8.8.8	192.168.2.4	0xf80e	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:07.510577917 CET	8.8.8.8	192.168.2.4	0xca5e	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:07.662194014 CET	8.8.8.8	192.168.2.4	0x149	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:07.796895027 CET	8.8.8.8	192.168.2.4	0x983e	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:07.937709093 CET	8.8.8.8	192.168.2.4	0x61bf	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:08.076034069 CET	8.8.8.8	192.168.2.4	0xf3d9	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:08.231674910 CET	8.8.8.8	192.168.2.4	0x8c19	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:08.371432066 CET	8.8.8.8	192.168.2.4	0x3c4e	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:08.523710012 CET	8.8.8.8	192.168.2.4	0xa824	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:08.656258106 CET	8.8.8.8	192.168.2.4	0x410f	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:08.803577900 CET	8.8.8.8	192.168.2.4	0x343d	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:08.935734987 CET	8.8.8.8	192.168.2.4	0x44f	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:09.087755919 CET	8.8.8.8	192.168.2.4	0xb764	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:09.217596054 CET	8.8.8.8	192.168.2.4	0x2c72	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:09.361294985 CET	8.8.8.8	192.168.2.4	0x6f75	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:09.499265909 CET	8.8.8.8	192.168.2.4	0x84b0	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:09.656861067 CET	8.8.8.8	192.168.2.4	0xb259	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:09.792067051 CET	8.8.8.8	192.168.2.4	0x7f5e	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:10.046315908 CET	8.8.8.8	192.168.2.4	0xf41	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:10.214607000 CET	8.8.8.8	192.168.2.4	0xc2bf	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:10.349523067 CET	8.8.8.8	192.168.2.4	0xf0d	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:10.536420107 CET	8.8.8.8	192.168.2.4	0x966c	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:10.677119017 CET	8.8.8.8	192.168.2.4	0x5b22	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:11.325301886 CET	8.8.8.8	192.168.2.4	0x8cdf	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:11.501902103 CET	8.8.8.8	192.168.2.4	0xb79d	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:13.874360085 CET	8.8.8.8	192.168.2.4	0x15f8	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:14.489401102 CET	8.8.8.8	192.168.2.4	0xff23	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:14.632725954 CET	8.8.8.8	192.168.2.4	0x9076	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:14.763488054 CET	8.8.8.8	192.168.2.4	0x8fb9	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:14.915133953 CET	8.8.8.8	192.168.2.4	0x5289	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:15.045221090 CET	8.8.8.8	192.168.2.4	0x128a	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:15.200653076 CET	8.8.8.8	192.168.2.4	0x7387	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:15.341412067 CET	8.8.8.8	192.168.2.4	0x762c	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:15.493829012 CET	8.8.8.8	192.168.2.4	0x7f18	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:15.627440929 CET	8.8.8.8	192.168.2.4	0xadce	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:15.791873932 CET	8.8.8.8	192.168.2.4	0x3026	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:15.925592899 CET	8.8.8.8	192.168.2.4	0xdda9	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:16.116930008 CET	8.8.8.8	192.168.2.4	0x8c49	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:16.248106003 CET	8.8.8.8	192.168.2.4	0xf471	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:16.396482944 CET	8.8.8.8	192.168.2.4	0xff9f	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:16.529392958 CET	8.8.8.8	192.168.2.4	0x7300	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:16.664040089 CET	8.8.8.8	192.168.2.4	0x56aa	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:16.795887947 CET	8.8.8.8	192.168.2.4	0x9ce7	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:16.941684961 CET	8.8.8.8	192.168.2.4	0x89f1	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:17.079732895 CET	8.8.8.8	192.168.2.4	0x3711	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:17.231422901 CET	8.8.8.8	192.168.2.4	0x8c08	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:17.354827881 CET	8.8.8.8	192.168.2.4	0xed4b	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:17.503597021 CET	8.8.8.8	192.168.2.4	0x38d5	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:17.635490894 CET	8.8.8.8	192.168.2.4	0xd8f4	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:17.787503958 CET	8.8.8.8	192.168.2.4	0x9e5f	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:17.919666052 CET	8.8.8.8	192.168.2.4	0x6af9	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:18.058301926 CET	8.8.8.8	192.168.2.4	0x97	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:18.196475029 CET	8.8.8.8	192.168.2.4	0x83da	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:18.331981897 CET	8.8.8.8	192.168.2.4	0xa894	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:18.470560074 CET	8.8.8.8	192.168.2.4	0x45ec	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:18.614809990 CET	8.8.8.8	192.168.2.4	0xac40	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:18.744611025 CET	8.8.8.8	192.168.2.4	0x1f0b	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:18.881711006 CET	8.8.8.8	192.168.2.4	0x185c	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:19.013922930 CET	8.8.8.8	192.168.2.4	0x3c31	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:19.178025007 CET	8.8.8.8	192.168.2.4	0xd627	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:19.311510086 CET	8.8.8.8	192.168.2.4	0x1ef3	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:19.467772007 CET	8.8.8.8	192.168.2.4	0xa0ad	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:19.607217073 CET	8.8.8.8	192.168.2.4	0xe95e	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:19.739722013 CET	8.8.8.8	192.168.2.4	0x5425	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:19.873919010 CET	8.8.8.8	192.168.2.4	0x5fa2	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:20.023967981 CET	8.8.8.8	192.168.2.4	0x99f	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:20.159403086 CET	8.8.8.8	192.168.2.4	0xacdc	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:20.314868927 CET	8.8.8.8	192.168.2.4	0xb2ea	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:20.482642889 CET	8.8.8.8	192.168.2.4	0x456b	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:20.631684065 CET	8.8.8.8	192.168.2.4	0xd947	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:20.762950897 CET	8.8.8.8	192.168.2.4	0x7df7	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:20.897253036 CET	8.8.8.8	192.168.2.4	0xe0f0	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:21.028074026 CET	8.8.8.8	192.168.2.4	0x510b	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:21.161334038 CET	8.8.8.8	192.168.2.4	0x4ec1	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:21.295597076 CET	8.8.8.8	192.168.2.4	0xfb67	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:21.490575075 CET	8.8.8.8	192.168.2.4	0x22d7	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:21.622051001 CET	8.8.8.8	192.168.2.4	0x26	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:21.765436888 CET	8.8.8.8	192.168.2.4	0xcf5e	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:21.904874086 CET	8.8.8.8	192.168.2.4	0x450e	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:22.061289072 CET	8.8.8.8	192.168.2.4	0xdfe8	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:22.215473890 CET	8.8.8.8	192.168.2.4	0x36f0	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:22.353543043 CET	8.8.8.8	192.168.2.4	0xd46b	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:22.482768059 CET	8.8.8.8	192.168.2.4	0x445e	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:22.633553028 CET	8.8.8.8	192.168.2.4	0x6d5b	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:22.774260044 CET	8.8.8.8	192.168.2.4	0xa2b7	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:22.913913965 CET	8.8.8.8	192.168.2.4	0x4737	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:23.047209978 CET	8.8.8.8	192.168.2.4	0x8d02	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:23.195261955 CET	8.8.8.8	192.168.2.4	0xf774	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:23.324580908 CET	8.8.8.8	192.168.2.4	0x1eaa	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:23.460838079 CET	8.8.8.8	192.168.2.4	0xfc55	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:23.592219114 CET	8.8.8.8	192.168.2.4	0x57e1	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:23.731934071 CET	8.8.8.8	192.168.2.4	0xe99c	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:23.872172117 CET	8.8.8.8	192.168.2.4	0xb8b4	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:24.012712955 CET	8.8.8.8	192.168.2.4	0xa0d6	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:24.564472914 CET	8.8.8.8	192.168.2.4	0x85ce	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:24.700397968 CET	8.8.8.8	192.168.2.4	0x7701	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:24.832451105 CET	8.8.8.8	192.168.2.4	0x16cd	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:24.965207100 CET	8.8.8.8	192.168.2.4	0x3472	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)
Mar 15, 2022 17:31:25.102082968 CET	8.8.8.8	192.168.2.4	0xbfa8	No error (0)	toopdyno2.duckdns.org	185.213.155.164	A (IP address)	IN (0x0001)

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: mzQcZawXvh.exePID: 5872, Parent PID: 5124

General

Target ID:	0
Start time:	17:29:20
Start date:	15/03/2022
Path:	C:\Users\user\Desktop\mzQcZawXvh.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\mzQcZawXvh.exe"
Imagebase:	0x400000
File size:	2180096 bytes
MD5 hash:	514837C22746AE83FAD96926AD2DDF83
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_BitRAT, Description: Yara detected BitRAT, Source: 00000000.00000002.257225352.00000000024E0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low

Show Windows behavior

Chronological Activities

Analysis Process: mzQcZawXvh.exePID: 5012, Parent PID: 5872

General

Target ID:	1
Start time:	17:29:23
Start date:	15/03/2022
Path:	C:\Users\user\Desktop\mzQcZawXvh.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\mzQcZawXvh.exe"
Imagebase:	0x400000
File size:	2180096 bytes
MD5 hash:	514837C22746AE83FAD96926AD2DDF83
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_BitRAT, Description: Yara detected BitRAT, Source: 00000001.00000000.252764032.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_BitRAT, Description: Detects BitRAT RAT, Source: 00000001.00000000.252764032.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen Rule: JoeSecurity_BitRAT, Description: Yara detected BitRAT, Source: 00000001.00000000.251383367.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_BitRAT, Description: Detects BitRAT RAT, Source: 00000001.00000000.251383367.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen Rule: JoeSecurity_BitRAT, Description: Yara detected BitRAT, Source: 00000001.00000000.246514986.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_BitRAT, Description: Detects BitRAT RAT, Source: 00000001.00000000.246514986.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen Rule: JoeSecurity_BitRAT, Description: Yara detected BitRAT, Source: 00000001.00000000.247549851.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_BitRAT, Description: Detects BitRAT RAT, Source: 00000001.00000000.247549851.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen Rule: JoeSecurity_BitRAT, Description: Yara detected BitRAT, Source: 00000001.00000000.245538304.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_BitRAT, Description: Yara detected BitRAT, Source: 00000001.00000000.249134372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_BitRAT, Description: Detects BitRAT RAT, Source: 00000001.00000000.249134372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen Rule: JoeSecurity_BitRAT, Description: Yara detected BitRAT, Source: 00000001.00000000.253448623.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_BitRAT, Description: Detects BitRAT RAT, Source: 00000001.00000000.253448623.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen Rule: JoeSecurity_BitRAT, Description: Yara detected BitRAT, Source: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_BitRAT, Description: Detects BitRAT RAT, Source: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
Reputation:	low

Show Windows behavior

Chronological Activities

Disassembly

Reset < >

Analysis Process: mzQcZawXvh.exePID: 5872, Parent PID: 5124COMMON

Execution Graph

Execution Coverage:	2%
Dynamic/Decrypted Code Coverage:	1.2%
Signature Coverage:	11.7%
Total number of Nodes:	863
Total number of Limit Nodes:	18

Executed Functions

Function 00409FD0 Relevance: 180.7, APIs: 86, Strings: 17, Instructions: 447
threadtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 78%

			E00409FD0(short _a2, long _a4, intOrPtr _a8, long _a12, long _a16, intOrPtr _a32, void _a52, char _a56, char _a60, short _a1056, char _a1076, short _a1080, void _a1084, char _a3104, char _a3108, char _a3132, short _a4148) {
				long _v0;
				long _v4;
				long _v16;
				long _v24;
				struct _COORD _v32;
				intOrPtr _v48;
				long _t48;
				intOrPtr* _t138;
				void* _t142;
				intOrPtr _t143;
				intOrPtr _t156;
				intOrPtr _t160;
				intOrPtr* _t169;
				long _t170;
				void* _t177;
				void* _t179;
				void* _t181;
				void* _t189;
				void* _t216;
				void* _t217;

				E0040B260(0x183c);
				if( *0x6328e4 == 0x177) {
					E0040B210(_t142, 0);
					E0040AFC0(_t142, 0, 0);
					E0040ACF0(_t142, 0);
					E0040AC70(0);
					E0040AA70(_t142, 0);
					E0040A930(0);
					_t189 = _t189 + 0x1c;
				}
				_t48 = 0;
				_t169 = __imp__GetConsoleAliasExesA;
				_v0 = 0;
				L3:
				L3:
				if( *0x6328e4 == 0x47) {
					GetBinaryTypeW(0,  &_a16);
					 *_t169( &_a3132, 0);
					InitializeCriticalSection( &_a12);
					EnterCriticalSection(0);
					GetNumberFormatW(0, 0, 0, 0,  &_a4148, 0);
					_v0 = 0;
					_a2 = 0;
					WriteConsoleOutputCharacterA(0, 0, 0, _v0,  &_a4);
					ReadConsoleW(0,  &_a52, 0,  &_v4, 0);
					SetThreadPriority(0, 0);
					__imp__FindNextVolumeMountPointW(0,  &_a1076, 0);
					SetProcessShutdownParameters(0, 0);
					__imp__GetConsoleAliasesLengthW(0);
					SetProcessAffinityMask(0, 0);
					OpenFileMappingW(0, 0, L"wirerulaniwojujicuwuk");
					OpenWaitableTimerW(0, 0, 0);
					AreFileApisANSI();
					CancelDeviceWakeupRequest(0);
					__imp__FindFirstVolumeA(0, 0);
					_t48 = _v32;
				}
				if(_t48 == 0x6a1) {
					goto L8;
				}
				_t48 = _t48 + 1;
				_v0 = _t48;
				if(_t48 < 0x1137686) {
					goto L3;
				} else {
				}
				L9:
				_t170 = _a4;
				_t138 = __imp__GetConsoleAliasesLengthA;
				_t177 = 0;
				do {
					if(_t177 < 0x4d13) {
						GetLastError();
						GetCharWidthA(0, 0, 0, 0); // executed
					}
					if( *0x6328e4 == 0x6b) {
						 *_t138(0);
						_v0(0, 0, 0, 0);
						__imp__AlphaBlend(0, 0, 0, 0, 0, 0, 0, 0, 0, 0, _t170);
					}
					 *0x631f70 = 0;
					if(_t177 > 0x26edf && _a4 != 0xdfe5c2 && _a32 != 0xdf5922 &&  *0x6328e4 == 0x28) {
						GetComputerNameW( &_a1084,  &_a4);
					}
					_t177 = _t177 + 1;
				} while (_t177 < 0x180c14c3);
				_t143 = 0;
				_a8 = 0;
				do {
					if(_t143 == 0x40d) {
						E00409C60(0x6328e4);
					}
					if( *0x6328e4 == 0x78) {
						TlsFree(0);
						_v0 = 0;
						_a2 = 0;
						WriteConsoleOutputCharacterA(0, "fowatigahugucuxociwoviwimojubijutuponovevayixogacapilibilewar", 0, _v0,  &_a4);
						LoadLibraryW(0);
						DeleteAtom(0);
						GetModuleHandleW(L"gosiwosateyecehoconorexowugufexacedawasihulinidicuduforudanituf");
						GetPrivateProfileStringA("Diboh yinanisowog himahasakiy", "Firekax", "Riyepulota paraxuvudacenu pufu dulanomusonidi",  &_a60, 0, "Zilayayumaxavo cigay riki nujudod");
						FreeEnvironmentStringsA(0);
						ResetWriteWatch(0, 0);
						MoveFileA(0, 0);
						__imp__GetConsoleAliasExesLengthW();
						EnumSystemLocalesW(0, 0);
						_lopen(0, 0);
						_lwrite(0, 0, 0);
						SetSystemTimeAdjustment(0, 0);
						DebugBreak();
						__imp__MoveFileWithProgressA("Noyucamirohanic", "Jesotu lohi yixikonajiz direximoyuvat", 0, 0, 0);
						SetCommState(0, 0);
						EnumDateFormatsA(0, 0, 0);
						CreateMailslotW(0, _v24, 0, 0);
						WriteConsoleInputW(0, 0, 0,  &_v16);
						__imp__GetConsoleAliasExesLengthA();
						SetComputerNameW(L"Fev getejey wuzihege");
						GlobalGetAtomNameA(0, 0, 0);
						AllocConsole();
						GetQueuedCompletionStatus(0, 0, 0, 0, 0);
						GetProfileStringW(L"yazelazelewepubizopatumofo", L"tumohozexicavuvicu", L"guwigejebapugitecu",  &_a1056, 0);
						__imp__GetSystemWindowsDirectoryA( &_a3104, 0);
						SetConsoleCP(0);
						__imp__VerSetConditionMask(0, 0, 0, 0);
						EnumDateFormatsA(0, 0, 0);
						_t143 = _v48;
					}
					_t143 = _t143 + 1;
					_a8 = _t143;
				} while (_t143 < 0x40bd22);
				E00409D30();
				_t179 = 0;
				do {
					if( *0x6328e4 == 0x15) {
						SetThreadAffinityMask(0, 0);
					}
					if(_t179 == 0x1550) {
						_t160 =  *0x427008; // 0x423c7a
						 *0x6328e8 = _t160;
					}
					_t179 = _t179 + 1;
				} while (_t179 < 0x56a5e3);
				_v0 = 0x719c87;
				do {
					if( *0x6328e4 == 0xfd) {
						FreeEnvironmentStringsA(0);
					}
					if( *0x6328e4 == 0x23) {
						EnumCalendarInfoA(0, 0, 0, 0);
						lstrcatA( &_a56, "Nevubos mapasis");
						LocalAlloc(0, 0);
						FormatMessageW(0, 0, 0, 0,  &_a1080, 0, 0);
						WriteConsoleInputW(0, 0, 0,  &_v0);
						GlobalWire(0);
						GetPrivateProfileSectionNamesA(0, 0, 0);
					}
					_t36 =  &_v0;
					 *_t36 = _v0 - 1;
				} while ( *_t36 != 0);
				_t181 = 0;
				_t216 =  *0x6328e4 - _t181; // 0x1e30c0
				if(_t216 > 0) {
					do {
						E00409B30(_t181);
						_t181 = _t181 + 1;
						_t217 = _t181 -  *0x6328e4; // 0x1e30c0
					} while (_t217 < 0);
				}
				E00409C70();
				E00409D50();
				if( *0x6328e4 == 0x1d) {
					WriteConsoleA(0, 0, 0,  &_a4, 0);
					ReadConsoleW(0,  &_a1084, 0,  &_a12, 0);
					DebugBreak();
					LoadLibraryW(L"yuvipebeyuyumudog");
					lstrlenA(0);
					EnumResourceTypesA(0, 0, 0);
					OutputDebugStringW(0);
					_lwrite(0, 0, 0);
					__imp__GetConsoleAliasA(0,  &_a56, 0, 0);
					__imp__CreateActCtxW( &_v0);
					GetPrivateProfileStringA(0, 0, 0, 0, 0, 0);
					GetACP();
					CopyFileA(0, 0, 0);
					__imp__GetSystemWindowsDirectoryA( &_a3108, 0);
					InterlockedExchangeAdd( &_v16, 0);
					ContinueDebugEvent(0, 0, 0);
					_v32.X = 0;
					_v32.Y = 0;
					SetConsoleCursorPosition(0, _v32);
					__imp__GetConsoleAliasExesLengthA();
				}
				L00409C40();
				return 0;
				L8:
				_t156 =  *0x427548; // 0x1df7ea
				 *0x6328e4 = _t156;
				goto L9;
			}

0x00409fd5
0x00409fe4
0x00409fe8
0x00409ff1
0x00409ff8
0x00409fff
0x0040a006
0x0040a00d
0x0040a012
0x0040a012
0x0040a02a
0x0040a02d
0x0040a033
0x00000000
0x0040a040
0x0040a047
0x0040a054
0x0040a060
0x0040a067
0x0040a06b
0x0040a07f
0x0040a08e
0x0040a093
0x0040a0a0
0x0040a0b6
0x0040a0c0
0x0040a0d2
0x0040a0dc
0x0040a0e4
0x0040a0ee
0x0040a0fd
0x0040a109
0x0040a10f
0x0040a117
0x0040a121
0x0040a127
0x0040a127
0x0040a130
0x00000000
0x00000000
0x0040a132
0x0040a138
0x0040a13c
0x00000000
0x00000000
0x0040a142
0x0040a150
0x0040a150
0x0040a154
0x0040a160
0x0040a162
0x0040a168
0x0040a16a
0x0040a178
0x0040a178
0x0040a185
0x0040a189
0x0040a193
0x0040a1aa
0x0040a1aa
0x0040a1b6
0x0040a1c0
0x0040a1ec
0x0040a1ec
0x0040a1f2
0x0040a1f3
0x0040a217
0x0040a219
0x0040a220
0x0040a226
0x0040a22d
0x0040a22d
0x0040a239
0x0040a241
0x0040a24c
0x0040a251
0x0040a262
0x0040a26a
0x0040a272
0x0040a279
0x0040a296
0x0040a29e
0x0040a2a8
0x0040a2b2
0x0040a2b8
0x0040a2c2
0x0040a2cc
0x0040a2d8
0x0040a2e2
0x0040a2e8
0x0040a2fe
0x0040a308
0x0040a314
0x0040a321
0x0040a332
0x0040a338
0x0040a343
0x0040a34f
0x0040a355
0x0040a365
0x0040a384
0x0040a394
0x0040a39c
0x0040a3aa
0x0040a3b6
0x0040a3b8
0x0040a3b8
0x0040a3bc
0x0040a3c3
0x0040a3c3
0x0040a3cd
0x0040a3d8
0x0040a3e0
0x0040a3e7
0x0040a3ed
0x0040a3ed
0x0040a3f5
0x0040a3f7
0x0040a3fd
0x0040a3fd
0x0040a403
0x0040a404
0x0040a424
0x0040a430
0x0040a43a
0x0040a43e
0x0040a43e
0x0040a44b
0x0040a455
0x0040a461
0x0040a467
0x0040a47d
0x0040a48a
0x0040a492
0x0040a49e
0x0040a49e
0x0040a4a4
0x0040a4a4
0x0040a4a4
0x0040a4ab
0x0040a4ad
0x0040a4b3
0x0040a4b5
0x0040a4b6
0x0040a4bb
0x0040a4bc
0x0040a4bc
0x0040a4b5
0x0040a4c4
0x0040a4c9
0x0040a4d9
0x0040a4ec
0x0040a505
0x0040a50b
0x0040a516
0x0040a51e
0x0040a52a
0x0040a532
0x0040a53e
0x0040a54f
0x0040a55a
0x0040a56c
0x0040a572
0x0040a57e
0x0040a58e
0x0040a59b
0x0040a5a7
0x0040a5b1
0x0040a5b5
0x0040a5bf
0x0040a5c5
0x0040a5c5
0x0040a5cb
0x0040a5d8
0x0040a144
0x0040a144
0x0040a14a
0x00000000

APIs

__wremove.LIBCMTD ref: 00409FE8

Part of subcall function 0040B210: DeleteFileA.KERNEL32(?,?,?,00409FED,00000000), ref: 0040B21A
Part of subcall function 0040B210: GetLastError.KERNEL32(?,?,00409FED,00000000), ref: 0040B224
Part of subcall function 0040B210: __dosmaperr.LIBCMTD ref: 0040B240

_putc.LIBCMTD ref: 00409FF1

Part of subcall function 0040AFC0: __invalid_parameter.LIBCMTD ref: 0040B04D

_puts.LIBCMTD ref: 00409FF8

Part of subcall function 0040ACF0: __invalid_parameter.LIBCMTD ref: 0040AD7D

_atexit.LIBCMTD ref: 00409FFF
_malloc.LIBCMTD ref: 0040A006
_perror.LIBCMTD ref: 0040A00D

Part of subcall function 0040A930: ___lock_fhandle.LIBCMTD ref: 0040A96D
Part of subcall function 0040A930: _strlen.LIBCMT ref: 0040A990
Part of subcall function 0040A930: __write_nolock.LIBCMTD ref: 0040A9A1
Part of subcall function 0040A930: __write_nolock.LIBCMTD ref: 0040A9B4
Part of subcall function 0040A930: __get_sys_err_msg.LIBCMTD ref: 0040A9C4
Part of subcall function 0040A930: _strlen.LIBCMT ref: 0040A9D3
Part of subcall function 0040A930: __write_nolock.LIBCMTD ref: 0040A9E4
Part of subcall function 0040A930: __write_nolock.LIBCMTD ref: 0040A9F7

GetBinaryTypeW.KERNEL32(00000000,?), ref: 0040A054
GetConsoleAliasExesA.KERNEL32(?,00000000), ref: 0040A060
InitializeCriticalSection.KERNEL32(?), ref: 0040A067
EnterCriticalSection.KERNEL32(00000000), ref: 0040A06B
GetNumberFormatW.KERNEL32 ref: 0040A07F
WriteConsoleOutputCharacterA.KERNEL32(00000000,00000000,00000000,?,?), ref: 0040A0A0
ReadConsoleW.KERNEL32(00000000,?,00000000,?,00000000), ref: 0040A0B6
SetThreadPriority.KERNEL32(00000000,00000000), ref: 0040A0C0
FindNextVolumeMountPointW.KERNEL32 ref: 0040A0D2
SetProcessShutdownParameters.KERNEL32(00000000,00000000), ref: 0040A0DC
GetConsoleAliasesLengthW.KERNEL32(00000000), ref: 0040A0E4
SetProcessAffinityMask.KERNEL32 ref: 0040A0EE
OpenFileMappingW.KERNEL32(00000000,00000000,wirerulaniwojujicuwuk), ref: 0040A0FD
OpenWaitableTimerW.KERNEL32(00000000,00000000,00000000), ref: 0040A109
AreFileApisANSI.KERNEL32 ref: 0040A10F
CancelDeviceWakeupRequest.KERNEL32(00000000), ref: 0040A117
FindFirstVolumeA.KERNEL32(00000000,00000000), ref: 0040A121
GetLastError.KERNEL32 ref: 0040A16A

Strings

Firekax, xrefs: 0040A28C
Jesotu lohi yixikonajiz direximoyuvat, xrefs: 0040A2F4
fowatigahugucuxociwoviwimojubijutuponovevayixogacapilibilewar, xrefs: 0040A25C
guwigejebapugitecu, xrefs: 0040A375
yuvipebeyuyumudog, xrefs: 0040A511
tumohozexicavuvicu, xrefs: 0040A37A
Riyepulota paraxuvudacenu pufu dulanomusonidi, xrefs: 0040A287
Zilayayumaxavo cigay riki nujudod, xrefs: 0040A27B
Diboh yinanisowog himahasakiy, xrefs: 0040A291
Noyucamirohanic, xrefs: 0040A2F9
Fev getejey wuzihege, xrefs: 0040A33E
Nevubos mapasis, xrefs: 0040A457
wirerulaniwojujicuwuk, xrefs: 0040A0F4
z<B, xrefs: 0040A3F7
yazelazelewepubizopatumofo, xrefs: 0040A37F
z<B, xrefs: 0040A3FD
gosiwosateyecehoconorexowugufexacedawasihulinidicuduforudanituf, xrefs: 0040A274

Memory Dump Source

Source File: 00000000.00000002.254379313.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.254298173.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.254460883.0000000000427000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255654257.000000000060A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255687103.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255765961.0000000000635000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_mzQcZawXvh.jbxd

Similarity

API ID: Console__write_nolock$File$CriticalErrorFindLastOpenProcessSectionVolume__invalid_parameter_strlen$AffinityAliasAliasesApisBinaryCancelCharacterDeleteDeviceEnterExesFirstFormatInitializeLengthMappingMaskMountNextNumberOutputParametersPointPriorityReadRequestShutdownThreadTimerTypeWaitableWakeupWrite___lock_fhandle__dosmaperr__get_sys_err_msg__wremove_atexit_malloc_perror_putc_puts
String ID: Diboh yinanisowog himahasakiy$Fev getejey wuzihege$Firekax$Jesotu lohi yixikonajiz direximoyuvat$Nevubos mapasis$Noyucamirohanic$Riyepulota paraxuvudacenu pufu dulanomusonidi$Zilayayumaxavo cigay riki nujudod$fowatigahugucuxociwoviwimojubijutuponovevayixogacapilibilewar$gosiwosateyecehoconorexowugufexacedawasihulinidicuduforudanituf$guwigejebapugitecu$tumohozexicavuvicu$wirerulaniwojujicuwuk$yazelazelewepubizopatumofo$yuvipebeyuyumudog$z<B$z<B
API String ID: 74949174-761215093
Opcode ID: 14ad3711c9c1cf01f3966dc2ea027d873af1ef5921003b9c8107bee1c545d4ff
Instruction ID: 797207cfeefdb970af6bd1ed89767520cce5f6a41b7c61177561b81138972ed0
Opcode Fuzzy Hash: 14ad3711c9c1cf01f3966dc2ea027d873af1ef5921003b9c8107bee1c545d4ff
Instruction Fuzzy Hash: 21F10275684300BBE354ABA0DE4AF5A77A4AB4CB02F14443AF745BE1F1CBB464448B6E

Uniqueness

Uniqueness Score: -1.00%

Function 0040A039 Relevance: 170.2, APIs: 80, Strings: 17, Instructions: 417
librarythreadtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 76%

			E0040A039(intOrPtr* __edi, long _a12, long _a16, short _a18, long _a20, intOrPtr _a24, long _a28, long _a32, intOrPtr _a48, void _a68, char _a72, char _a76, short _a1072, char _a1092, short _a1096, void _a1100, char _a3120, char _a3124, char _a3148, short _a4164) {
				long _v0;
				long _v8;
				struct _COORD _v16;
				intOrPtr _v32;
				long _t45;
				intOrPtr* _t127;
				intOrPtr _t131;
				intOrPtr _t144;
				intOrPtr _t148;
				intOrPtr* _t156;
				long _t157;
				void* _t162;
				void* _t164;
				void* _t166;
				void* _t198;
				void* _t199;

				_t156 = __edi;
				L1:
				L1:
				if( *0x6328e4 == 0x47) {
					GetBinaryTypeW(0,  &_a32);
					 *_t156( &_a3148, 0);
					InitializeCriticalSection( &_a28);
					EnterCriticalSection(0);
					GetNumberFormatW(0, 0, 0, 0,  &_a4164, 0);
					_a16 = 0;
					_a18 = 0;
					WriteConsoleOutputCharacterA(0, 0, 0, _a16,  &_a20);
					ReadConsoleW(0,  &_a68, 0,  &_a12, 0);
					SetThreadPriority(0, 0);
					__imp__FindNextVolumeMountPointW(0,  &_a1092, 0);
					SetProcessShutdownParameters(0, 0);
					__imp__GetConsoleAliasesLengthW(0);
					SetProcessAffinityMask(0, 0);
					OpenFileMappingW(0, 0, L"wirerulaniwojujicuwuk");
					OpenWaitableTimerW(0, 0, 0);
					AreFileApisANSI();
					CancelDeviceWakeupRequest(0);
					__imp__FindFirstVolumeA(0, 0);
					_t45 = _v16;
				}
				if(_t45 == 0x6a1) {
					goto L6;
				}
				_t45 = _t45 + 1;
				_a16 = _t45;
				if(_t45 < 0x1137686) {
					goto L1;
				} else {
				}
				L7:
				_t157 = _a20;
				_t127 = __imp__GetConsoleAliasesLengthA;
				_t162 = 0;
				do {
					if(_t162 < 0x4d13) {
						GetLastError();
						GetCharWidthA(0, 0, 0, 0); // executed
					}
					if( *0x6328e4 == 0x6b) {
						 *_t127(0);
						_v0(0, 0, 0, 0);
						__imp__AlphaBlend(0, 0, 0, 0, 0, 0, 0, 0, 0, 0, _t157);
					}
					 *0x631f70 = 0;
					if(_t162 > 0x26edf && _a20 != 0xdfe5c2 && _a48 != 0xdf5922 &&  *0x6328e4 == 0x28) {
						GetComputerNameW( &_a1100,  &_a20);
					}
					_t162 = _t162 + 1;
				} while (_t162 < 0x180c14c3);
				_t131 = 0;
				_a24 = 0;
				do {
					if(_t131 == 0x40d) {
						E00409C60(0x6328e4);
					}
					if( *0x6328e4 == 0x78) {
						TlsFree(0);
						_a16 = 0;
						_a18 = 0;
						WriteConsoleOutputCharacterA(0, "fowatigahugucuxociwoviwimojubijutuponovevayixogacapilibilewar", 0, _a16,  &_a20);
						LoadLibraryW(0);
						DeleteAtom(0);
						GetModuleHandleW(L"gosiwosateyecehoconorexowugufexacedawasihulinidicuduforudanituf");
						GetPrivateProfileStringA("Diboh yinanisowog himahasakiy", "Firekax", "Riyepulota paraxuvudacenu pufu dulanomusonidi",  &_a76, 0, "Zilayayumaxavo cigay riki nujudod");
						FreeEnvironmentStringsA(0);
						ResetWriteWatch(0, 0);
						MoveFileA(0, 0);
						__imp__GetConsoleAliasExesLengthW();
						EnumSystemLocalesW(0, 0);
						_lopen(0, 0);
						_lwrite(0, 0, 0);
						SetSystemTimeAdjustment(0, 0);
						DebugBreak();
						__imp__MoveFileWithProgressA("Noyucamirohanic", "Jesotu lohi yixikonajiz direximoyuvat", 0, 0, 0);
						SetCommState(0, 0);
						EnumDateFormatsA(0, 0, 0);
						CreateMailslotW(0, _v8, 0, 0);
						WriteConsoleInputW(0, 0, 0,  &_v0);
						__imp__GetConsoleAliasExesLengthA();
						SetComputerNameW(L"Fev getejey wuzihege");
						GlobalGetAtomNameA(0, 0, 0);
						AllocConsole();
						GetQueuedCompletionStatus(0, 0, 0, 0, 0);
						GetProfileStringW(L"yazelazelewepubizopatumofo", L"tumohozexicavuvicu", L"guwigejebapugitecu",  &_a1072, 0);
						__imp__GetSystemWindowsDirectoryA( &_a3120, 0);
						SetConsoleCP(0);
						__imp__VerSetConditionMask(0, 0, 0, 0);
						EnumDateFormatsA(0, 0, 0);
						_t131 = _v32;
					}
					_t131 = _t131 + 1;
					_a24 = _t131;
				} while (_t131 < 0x40bd22);
				E00409D30();
				_t164 = 0;
				do {
					if( *0x6328e4 == 0x15) {
						SetThreadAffinityMask(0, 0);
					}
					if(_t164 == 0x1550) {
						_t148 =  *0x427008; // 0x423c7a
						 *0x6328e8 = _t148;
					}
					_t164 = _t164 + 1;
				} while (_t164 < 0x56a5e3);
				_a16 = 0x719c87;
				do {
					if( *0x6328e4 == 0xfd) {
						FreeEnvironmentStringsA(0);
					}
					if( *0x6328e4 == 0x23) {
						EnumCalendarInfoA(0, 0, 0, 0);
						lstrcatA( &_a72, "Nevubos mapasis");
						LocalAlloc(0, 0);
						FormatMessageW(0, 0, 0, 0,  &_a1096, 0, 0);
						WriteConsoleInputW(0, 0, 0,  &_a16);
						GlobalWire(0);
						GetPrivateProfileSectionNamesA(0, 0, 0);
					}
					_t35 =  &_a16;
					 *_t35 = _a16 - 1;
				} while ( *_t35 != 0);
				_t166 = 0;
				_t198 =  *0x6328e4 - _t166; // 0x1e30c0
				if(_t198 > 0) {
					do {
						E00409B30(_t166);
						_t166 = _t166 + 1;
						_t199 = _t166 -  *0x6328e4; // 0x1e30c0
					} while (_t199 < 0);
				}
				E00409C70();
				E00409D50();
				if( *0x6328e4 == 0x1d) {
					WriteConsoleA(0, 0, 0,  &_a20, 0);
					ReadConsoleW(0,  &_a1100, 0,  &_a28, 0);
					DebugBreak();
					LoadLibraryW(L"yuvipebeyuyumudog");
					lstrlenA(0);
					EnumResourceTypesA(0, 0, 0);
					OutputDebugStringW(0);
					_lwrite(0, 0, 0);
					__imp__GetConsoleAliasA(0,  &_a72, 0, 0);
					__imp__CreateActCtxW( &_a16);
					GetPrivateProfileStringA(0, 0, 0, 0, 0, 0);
					GetACP();
					CopyFileA(0, 0, 0);
					__imp__GetSystemWindowsDirectoryA( &_a3124, 0);
					InterlockedExchangeAdd( &_v0, 0);
					ContinueDebugEvent(0, 0, 0);
					_v16.X = 0;
					_v16.Y = 0;
					SetConsoleCursorPosition(0, _v16);
					__imp__GetConsoleAliasExesLengthA();
				}
				L00409C40();
				return 0;
				L6:
				_t144 =  *0x427548; // 0x1df7ea
				 *0x6328e4 = _t144;
				goto L7;
			}

0x0040a039
0x00000000
0x0040a040
0x0040a047
0x0040a054
0x0040a060
0x0040a067
0x0040a06b
0x0040a07f
0x0040a08e
0x0040a093
0x0040a0a0
0x0040a0b6
0x0040a0c0
0x0040a0d2
0x0040a0dc
0x0040a0e4
0x0040a0ee
0x0040a0fd
0x0040a109
0x0040a10f
0x0040a117
0x0040a121
0x0040a127
0x0040a127
0x0040a130
0x00000000
0x00000000
0x0040a132
0x0040a138
0x0040a13c
0x00000000
0x00000000
0x0040a142
0x0040a150
0x0040a150
0x0040a154
0x0040a160
0x0040a162
0x0040a168
0x0040a16a
0x0040a178
0x0040a178
0x0040a185
0x0040a189
0x0040a193
0x0040a1aa
0x0040a1aa
0x0040a1b6
0x0040a1c0
0x0040a1ec
0x0040a1ec
0x0040a1f2
0x0040a1f3
0x0040a217
0x0040a219
0x0040a220
0x0040a226
0x0040a22d
0x0040a22d
0x0040a239
0x0040a241
0x0040a24c
0x0040a251
0x0040a262
0x0040a26a
0x0040a272
0x0040a279
0x0040a296
0x0040a29e
0x0040a2a8
0x0040a2b2
0x0040a2b8
0x0040a2c2
0x0040a2cc
0x0040a2d8
0x0040a2e2
0x0040a2e8
0x0040a2fe
0x0040a308
0x0040a314
0x0040a321
0x0040a332
0x0040a338
0x0040a343
0x0040a34f
0x0040a355
0x0040a365
0x0040a384
0x0040a394
0x0040a39c
0x0040a3aa
0x0040a3b6
0x0040a3b8
0x0040a3b8
0x0040a3bc
0x0040a3c3
0x0040a3c3
0x0040a3cd
0x0040a3d8
0x0040a3e0
0x0040a3e7
0x0040a3ed
0x0040a3ed
0x0040a3f5
0x0040a3f7
0x0040a3fd
0x0040a3fd
0x0040a403
0x0040a404
0x0040a424
0x0040a430
0x0040a43a
0x0040a43e
0x0040a43e
0x0040a44b
0x0040a455
0x0040a461
0x0040a467
0x0040a47d
0x0040a48a
0x0040a492
0x0040a49e
0x0040a49e
0x0040a4a4
0x0040a4a4
0x0040a4a4
0x0040a4ab
0x0040a4ad
0x0040a4b3
0x0040a4b5
0x0040a4b6
0x0040a4bb
0x0040a4bc
0x0040a4bc
0x0040a4b5
0x0040a4c4
0x0040a4c9
0x0040a4d9
0x0040a4ec
0x0040a505
0x0040a50b
0x0040a516
0x0040a51e
0x0040a52a
0x0040a532
0x0040a53e
0x0040a54f
0x0040a55a
0x0040a56c
0x0040a572
0x0040a57e
0x0040a58e
0x0040a59b
0x0040a5a7
0x0040a5b1
0x0040a5b5
0x0040a5bf
0x0040a5c5
0x0040a5c5
0x0040a5cb
0x0040a5d8
0x0040a144
0x0040a144
0x0040a14a
0x00000000

APIs

GetBinaryTypeW.KERNEL32(00000000,?), ref: 0040A054
GetConsoleAliasExesA.KERNEL32(?,00000000), ref: 0040A060
InitializeCriticalSection.KERNEL32(?), ref: 0040A067
EnterCriticalSection.KERNEL32(00000000), ref: 0040A06B
GetNumberFormatW.KERNEL32 ref: 0040A07F
WriteConsoleOutputCharacterA.KERNEL32(00000000,00000000,00000000,?,?), ref: 0040A0A0
ReadConsoleW.KERNEL32(00000000,?,00000000,?,00000000), ref: 0040A0B6
SetThreadPriority.KERNEL32(00000000,00000000), ref: 0040A0C0
FindNextVolumeMountPointW.KERNEL32 ref: 0040A0D2
SetProcessShutdownParameters.KERNEL32(00000000,00000000), ref: 0040A0DC
GetConsoleAliasesLengthW.KERNEL32(00000000), ref: 0040A0E4
SetProcessAffinityMask.KERNEL32 ref: 0040A0EE
OpenFileMappingW.KERNEL32(00000000,00000000,wirerulaniwojujicuwuk), ref: 0040A0FD
OpenWaitableTimerW.KERNEL32(00000000,00000000,00000000), ref: 0040A109
AreFileApisANSI.KERNEL32 ref: 0040A10F
CancelDeviceWakeupRequest.KERNEL32(00000000), ref: 0040A117
FindFirstVolumeA.KERNEL32(00000000,00000000), ref: 0040A121
GetLastError.KERNEL32 ref: 0040A16A
GetCharWidthA.GDI32(00000000,00000000,00000000,00000000), ref: 0040A178
GetConsoleAliasesLengthA.KERNEL32(00000000), ref: 0040A189
WinHttpConnect.WINHTTP(00000000,00000000,00000000,00000000), ref: 0040A193
AlphaBlend.MSIMG32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 0040A1AA
GetComputerNameW.KERNEL32 ref: 0040A1EC
TlsFree.KERNEL32(00000000), ref: 0040A241
WriteConsoleOutputCharacterA.KERNEL32(00000000,fowatigahugucuxociwoviwimojubijutuponovevayixogacapilibilewar,00000000,?,?), ref: 0040A262
LoadLibraryW.KERNEL32(00000000), ref: 0040A26A
DeleteAtom.KERNEL32(00000000), ref: 0040A272
GetModuleHandleW.KERNEL32(gosiwosateyecehoconorexowugufexacedawasihulinidicuduforudanituf), ref: 0040A279
GetPrivateProfileStringA.KERNEL32(Diboh yinanisowog himahasakiy,Firekax,Riyepulota paraxuvudacenu pufu dulanomusonidi,?,00000000,Zilayayumaxavo cigay riki nujudod), ref: 0040A296
FreeEnvironmentStringsA.KERNEL32(00000000), ref: 0040A29E

Strings

Firekax, xrefs: 0040A28C
Jesotu lohi yixikonajiz direximoyuvat, xrefs: 0040A2F4
fowatigahugucuxociwoviwimojubijutuponovevayixogacapilibilewar, xrefs: 0040A25C
guwigejebapugitecu, xrefs: 0040A375
yuvipebeyuyumudog, xrefs: 0040A511
tumohozexicavuvicu, xrefs: 0040A37A
Riyepulota paraxuvudacenu pufu dulanomusonidi, xrefs: 0040A287
Zilayayumaxavo cigay riki nujudod, xrefs: 0040A27B
Diboh yinanisowog himahasakiy, xrefs: 0040A291
Noyucamirohanic, xrefs: 0040A2F9
Fev getejey wuzihege, xrefs: 0040A33E
Nevubos mapasis, xrefs: 0040A457
wirerulaniwojujicuwuk, xrefs: 0040A0F4
z<B, xrefs: 0040A3F7
yazelazelewepubizopatumofo, xrefs: 0040A37F
z<B, xrefs: 0040A3FD
gosiwosateyecehoconorexowugufexacedawasihulinidicuduforudanituf, xrefs: 0040A274

Memory Dump Source

Source File: 00000000.00000002.254379313.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.254298173.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.254460883.0000000000427000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255654257.000000000060A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255687103.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255765961.0000000000635000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_mzQcZawXvh.jbxd

Similarity

API ID: Console$AliasesCharacterCriticalFileFindFreeLengthOpenOutputProcessSectionVolumeWrite$AffinityAliasAlphaApisAtomBinaryBlendCancelCharComputerConnectDeleteDeviceEnterEnvironmentErrorExesFirstFormatHandleHttpInitializeLastLibraryLoadMappingMaskModuleMountNameNextNumberParametersPointPriorityPrivateProfileReadRequestShutdownStringStringsThreadTimerTypeWaitableWakeupWidth
String ID: Diboh yinanisowog himahasakiy$Fev getejey wuzihege$Firekax$Jesotu lohi yixikonajiz direximoyuvat$Nevubos mapasis$Noyucamirohanic$Riyepulota paraxuvudacenu pufu dulanomusonidi$Zilayayumaxavo cigay riki nujudod$fowatigahugucuxociwoviwimojubijutuponovevayixogacapilibilewar$gosiwosateyecehoconorexowugufexacedawasihulinidicuduforudanituf$guwigejebapugitecu$tumohozexicavuvicu$wirerulaniwojujicuwuk$yazelazelewepubizopatumofo$yuvipebeyuyumudog$z<B$z<B
API String ID: 4025127805-761215093
Opcode ID: f6b2113d507cda223c11083bd89e58f8dfb1338d5ac33396f5dff8f6b6e73b79
Instruction ID: 6e06df7f2d5ddad14332fe3f035d07c2b71cf0429cc995c6fc8f00633ed79f9d
Opcode Fuzzy Hash: f6b2113d507cda223c11083bd89e58f8dfb1338d5ac33396f5dff8f6b6e73b79
Instruction Fuzzy Hash: 16E10275694300BBE314ABA0DE4AF9A77A4AB4CB02F144439F745BD1F0CBF464448B6E

Uniqueness

Uniqueness Score: -1.00%

Function 0040B3A5 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 89
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 65%

			E0040B3A5() {
				void* _t21;
				void* _t22;
				void* _t25;
				intOrPtr _t27;
				void* _t29;
				intOrPtr _t34;
				void* _t44;
				void* _t46;
				void* _t54;
				void* _t56;
				void* _t58;
				void* _t60;
				void* _t61;
				void* _t62;

				 *((intOrPtr*)(_t58 - 4)) = 0xfffffffe;
				 *((intOrPtr*)(_t58 - 0x6c)) = E0040B540();
				_t21 = E00412960(_t46, 1); // executed
				_t61 = _t60 + 4;
				if(_t21 == 0) {
					E0040B510(0x1c);
					_t61 = _t61 + 4; // executed
				}
				_t22 = L00410300(_t46); // executed
				if(_t22 == 0) {
					E0040B510(0x10);
					_t61 = _t61 + 4;
				}
				_push(1);
				E0040D930(_t46);
				_t62 = _t61 + 4;
				E004128E0();
				 *((intOrPtr*)(_t58 - 4)) = 1;
				_t25 = E00411520(); // executed
				if(_t25 < 0) {
					L0040FBE0(_t44, _t46, _t54, _t56, 0x1b);
					_t62 = _t62 + 4;
				}
				 *0x63457c = GetCommandLineA(); // executed
				_t27 = E004126C0(_t44, _t54, _t56); // executed
				 *0x6328f0 = _t27;
				if(E00412230() < 0) {
					L0040FBE0(_t44, _t46, _t54, _t56, 8);
					_t62 = _t62 + 4; // executed
				}
				_t29 = E00412090(_t44, _t56); // executed
				if(_t29 < 0) {
					L0040FBE0(_t44, _t46, _t54, _t56, 9);
					_t62 = _t62 + 4;
				}
				 *((intOrPtr*)(_t58 - 0x64)) = E0040FAC0(_t46, 1);
				if( *((intOrPtr*)(_t58 - 0x64)) != 0) {
					L0040FBE0(_t44,  *((intOrPtr*)(_t58 - 0x64)), _t54, _t56,  *((intOrPtr*)(_t58 - 0x64)));
				}
				 *((intOrPtr*)(_t58 - 0x68)) = E00411FC0();
				if(( *(_t58 - 0x34) & 0x00000001) == 0) {
					 *(_t58 - 0x7c) = 0xa;
				} else {
					 *(_t58 - 0x7c) =  *(_t58 - 0x30) & 0x0000ffff;
				}
				 *((intOrPtr*)(_t58 - 0x70)) = E00409FD0(0x400000, 0,  *((intOrPtr*)(_t58 - 0x68)),  *(_t58 - 0x7c));
				if( *((intOrPtr*)(_t58 - 0x6c)) == 0) {
					E0040FB60( *((intOrPtr*)(_t58 - 0x70)));
				}
				E0040FBA0();
				 *((intOrPtr*)(_t58 - 4)) = 0xfffffffe;
				_t34 =  *((intOrPtr*)(_t58 - 0x70));
				 *[fs:0x0] =  *((intOrPtr*)(_t58 - 0x10));
				return _t34;
			}

0x0040b3a5
0x0040b3b1
0x0040b3b6
0x0040b3bb
0x0040b3c0
0x0040b3c4
0x0040b3c9
0x0040b3c9
0x0040b3cc
0x0040b3d3
0x0040b3d7
0x0040b3dc
0x0040b3dc
0x0040b3df
0x0040b3e1
0x0040b3e6
0x0040b3e9
0x0040b3ee
0x0040b3f5
0x0040b3fc
0x0040b400
0x0040b405
0x0040b405
0x0040b40e
0x0040b413
0x0040b418
0x0040b424
0x0040b428
0x0040b42d
0x0040b42d
0x0040b430
0x0040b437
0x0040b43b
0x0040b440
0x0040b440
0x0040b44d
0x0040b454
0x0040b45a
0x0040b45f
0x0040b467
0x0040b470
0x0040b47b
0x0040b472
0x0040b476
0x0040b476
0x0040b496
0x0040b49d
0x0040b4a3
0x0040b4a3
0x0040b4a8
0x0040b4ad
0x0040b4f5
0x0040b4fb
0x0040b509

APIs

_check_managed_app.LIBCMTD ref: 0040B3AC
__heap_init.LIBCMTD ref: 0040B3B6

Part of subcall function 00412960: HeapCreate.KERNELBASE(00000000,00001000,00000000,?,0040B3BB,00000001), ref: 00412976

_fast_error_exit.LIBCMTD ref: 0040B3C4

Part of subcall function 0040B510: ___crtExitProcess.LIBCMTD ref: 0040B534

_fast_error_exit.LIBCMTD ref: 0040B3D7
__RTC_Initialize.LIBCMTD ref: 0040B3E9
GetCommandLineA.KERNEL32 ref: 0040B408
___crtGetEnvironmentStringsA.LIBCMTD ref: 0040B413
___setargv.LIBCMTD ref: 0040B41D
__setenvp.LIBCMTD ref: 0040B430
__cinit.LIBCMTD ref: 0040B445
__wincmdln.LIBCMTD ref: 0040B462

Strings

/O, xrefs: 0040B3CC

Memory Dump Source

Source File: 00000000.00000002.254379313.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.254298173.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.254460883.0000000000427000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255654257.000000000060A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255687103.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255765961.0000000000635000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_mzQcZawXvh.jbxd

Similarity

API ID: ___crt_fast_error_exit$CommandCreateEnvironmentExitHeapInitializeLineProcessStrings___setargv__cinit__heap_init__setenvp__wincmdln_check_managed_app
String ID: /O
API String ID: 302379156-273608944
Opcode ID: d5e072fd8c8145967f226f0ce9de3e5f4ee9250c8ab4bb83f9e65715555c2b4e
Instruction ID: af04b444be07bec19f09f45fe591d543eb0f40a2eb329e9db3971630fc6ffd7c
Opcode Fuzzy Hash: d5e072fd8c8145967f226f0ce9de3e5f4ee9250c8ab4bb83f9e65715555c2b4e
Instruction Fuzzy Hash: 253174B1D003099AEB10BBF2A90279E76B0EB4434CF14413EE905BA2C3F7B955558A9E

Uniqueness

Uniqueness Score: -1.00%

Function 0040B707 Relevance: 19.5, APIs: 5, Strings: 6, Instructions: 252
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 61%

			E0040B707() {
				signed int _t79;
				signed int _t80;
				intOrPtr _t81;
				signed int _t97;
				void* _t102;
				void* _t103;
				signed int _t105;
				void* _t109;
				void* _t110;
				intOrPtr _t112;
				void* _t115;
				void* _t116;
				signed int _t122;
				signed int _t123;
				intOrPtr _t126;
				signed int _t127;
				signed int _t157;
				intOrPtr _t158;
				intOrPtr _t159;
				signed int _t169;
				signed int _t170;
				void* _t171;
				void* _t173;
				void* _t175;
				void* _t177;
				void* _t178;
				void* _t188;
				void* _t192;

				_t178 = _t177 + 4;
				 *(_t175 - 4) = 0;
				if( *0x63291c > 0) {
					_t112 =  *0x63291c; // 0x0
					_t188 =  *0x632904 - _t112 - 1; // 0x0
					if(_t188 != 0) {
						_t169 =  *0x632904; // 0x0
						_t170 = _t169 + 1;
						__eflags = _t170;
						 *0x632904 = _t170;
					} else {
						if(E0040C9E0() == 0) {
							_push(L"_CrtCheckMemory()");
							_push(0);
							_push(0x179);
							_push(L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\dbgheap.c");
							_push(2);
							_t115 = L0040E1A0();
							_t178 = _t178 + 0x14;
							if(_t115 == 1) {
								asm("int3");
							}
						}
						 *0x632904 = 0;
					}
				}
				_t79 =  *0x60a65c; // 0x34
				 *(_t175 - 0x28) = _t79;
				if( *0x60a660 != 0xffffffff) {
					_t192 =  *(_t175 - 0x28) -  *0x60a660; // 0xffffffff
					if(_t192 == 0) {
						asm("int3");
					}
				}
				if( *0x60ad74 == 0) {
					L19:
					__eflags = ( *(_t175 + 0xc) & 0x0000ffff) - 2;
					if(( *(_t175 + 0xc) & 0x0000ffff) != 2) {
						_t105 =  *0x60a654; // 0x1
						__eflags = _t105 & 0x00000001;
						if((_t105 & 0x00000001) == 0) {
							 *(_t175 - 0x1c) = 1;
						}
					}
					__eflags =  *((intOrPtr*)(_t175 + 8)) - 0xffffffbc;
					if( *((intOrPtr*)(_t175 + 8)) <= 0xffffffbc) {
						__eflags = ( *(_t175 + 0xc) & 0x0000ffff) - 4;
						if(( *(_t175 + 0xc) & 0x0000ffff) != 4) {
							__eflags =  *(_t175 + 0xc) - 1;
							if( *(_t175 + 0xc) != 1) {
								__eflags = ( *(_t175 + 0xc) & 0x0000ffff) - 2;
								if(( *(_t175 + 0xc) & 0x0000ffff) != 2) {
									__eflags =  *(_t175 + 0xc) - 3;
									if( *(_t175 + 0xc) != 3) {
										_t102 = L00412F90(1, 0, 0, 0, "%s", "Error: memory allocation: bad memory block type.\n");
										_t178 = _t178 + 0x18;
										__eflags = _t102 - 1;
										if(_t102 == 1) {
											asm("int3");
										}
									}
								}
							}
						}
						 *((intOrPtr*)(_t175 - 0x2c)) =  *((intOrPtr*)(_t175 + 8)) + 0x24;
						_t80 = E00412ED0(_t116, _t171, _t173,  *((intOrPtr*)(_t175 - 0x2c))); // executed
						 *(_t175 - 0x24) = _t80;
						__eflags =  *(_t175 - 0x24);
						if( *(_t175 - 0x24) != 0) {
							_t122 =  *0x60a65c; // 0x34
							_t123 = _t122 + 1;
							 *0x60a65c = _t123;
							__eflags =  *(_t175 - 0x1c);
							if( *(_t175 - 0x1c) == 0) {
								__eflags = (_t123 | 0xffffffff) -  *0x6328fc -  *((intOrPtr*)(_t175 + 8));
								if((_t123 | 0xffffffff) -  *0x6328fc <=  *((intOrPtr*)(_t175 + 8))) {
									 *0x6328fc = 0xffffffff;
								} else {
									_t159 =  *0x6328fc; // 0x2be9
									 *0x6328fc = _t159 +  *((intOrPtr*)(_t175 + 8));
								}
								_t81 =  *0x632914; // 0x1987
								 *0x632914 = _t81 +  *((intOrPtr*)(_t175 + 8));
								_t126 =  *0x632914; // 0x1987
								__eflags = _t126 -  *0x632908; // 0x1b9b
								if(__eflags > 0) {
									_t158 =  *0x632914; // 0x1987
									 *0x632908 = _t158;
								}
								__eflags =  *0x63290c;
								if( *0x63290c == 0) {
									 *0x632900 =  *(_t175 - 0x24);
								} else {
									_t97 =  *0x63290c; // 0x22e2718
									 *(_t97 + 4) =  *(_t175 - 0x24);
								}
								_t127 =  *0x63290c; // 0x22e2718
								 *( *(_t175 - 0x24)) = _t127;
								 *( *(_t175 - 0x24) + 4) = 0;
								 *( *(_t175 - 0x24) + 8) =  *(_t175 + 0x10);
								 *((intOrPtr*)( *(_t175 - 0x24) + 0xc)) =  *((intOrPtr*)(_t175 + 0x14));
								 *((intOrPtr*)( *(_t175 - 0x24) + 0x10)) =  *((intOrPtr*)(_t175 + 8));
								 *( *(_t175 - 0x24) + 0x14) =  *(_t175 + 0xc);
								 *( *(_t175 - 0x24) + 0x18) =  *(_t175 - 0x28);
								 *0x63290c =  *(_t175 - 0x24);
							} else {
								 *( *(_t175 - 0x24)) = 0;
								 *( *(_t175 - 0x24) + 4) = 0;
								 *( *(_t175 - 0x24) + 8) = 0;
								 *((intOrPtr*)( *(_t175 - 0x24) + 0xc)) = 0xfedcbabc;
								 *((intOrPtr*)( *(_t175 - 0x24) + 0x10)) =  *((intOrPtr*)(_t175 + 8));
								 *( *(_t175 - 0x24) + 0x14) = 3;
								 *( *(_t175 - 0x24) + 0x18) = 0;
							}
							E00412D20(_t171,  *(_t175 - 0x24) + 0x1c,  *0x60a664 & 0x000000ff, 4);
							E00412D20(_t171,  *(_t175 - 0x24) +  *((intOrPtr*)(_t175 + 8)) + 0x20,  *0x60a664 & 0x000000ff, 4);
							E00412D20(_t171,  *(_t175 - 0x24) + 0x20,  *0x60a667 & 0x000000ff,  *((intOrPtr*)(_t175 + 8)));
							_t157 =  *(_t175 - 0x24) + 0x20;
							__eflags = _t157;
							 *(_t175 - 0x20) = _t157;
						} else {
							 *((intOrPtr*)( *((intOrPtr*)(_t175 + 0x18)))) = 0xc;
						}
					} else {
						_t103 = L00412F90(1, 0, 0, 0, "Invalid allocation size: %Iu bytes.\n",  *((intOrPtr*)(_t175 + 8)));
						__eflags = _t103 - 1;
						if(_t103 == 1) {
							asm("int3");
						}
						 *((intOrPtr*)( *((intOrPtr*)(_t175 + 0x18)))) = 0xc;
					}
					L46:
					 *(_t175 - 4) = 0xfffffffe;
					E0040BA50();
					 *[fs:0x0] =  *((intOrPtr*)(_t175 - 0x10));
					return  *(_t175 - 0x20);
				}
				_t109 =  *0x60ad74(1, 0,  *((intOrPtr*)(_t175 + 8)),  *(_t175 + 0xc),  *(_t175 - 0x28),  *(_t175 + 0x10),  *((intOrPtr*)(_t175 + 0x14)));
				_t178 = _t178 + 0x1c;
				if(_t109 != 0) {
					goto L19;
				}
				if( *(_t175 + 0x10) == 0) {
					_t110 = L00412F90(0, 0, 0, 0, "%s", "Client hook allocation failure.\n");
					__eflags = _t110 - 1;
					if(_t110 == 1) {
						asm("int3");
					}
					L18:
					goto L46;
				}
				_push( *((intOrPtr*)(_t175 + 0x14)));
				if(L00412F90(0, 0, 0, 0, "Client hook allocation failure at file %hs line %d.\n",  *(_t175 + 0x10)) == 1) {
					asm("int3");
				}
				goto L18;
			}

0x0040b707
0x0040b70a
0x0040b718
0x0040b71a
0x0040b722
0x0040b728
0x0040b760
0x0040b766
0x0040b766
0x0040b769
0x0040b72a
0x0040b731
0x0040b733
0x0040b738
0x0040b73a
0x0040b73f
0x0040b744
0x0040b746
0x0040b74b
0x0040b751
0x0040b753
0x0040b753
0x0040b751
0x0040b754
0x0040b754
0x0040b728
0x0040b76f
0x0040b774
0x0040b77e
0x0040b783
0x0040b789
0x0040b78b
0x0040b78b
0x0040b789
0x0040b793
0x0040b80a
0x0040b813
0x0040b816
0x0040b818
0x0040b81d
0x0040b820
0x0040b822
0x0040b822
0x0040b820
0x0040b829
0x0040b82d
0x0040b865
0x0040b868
0x0040b86a
0x0040b86e
0x0040b879
0x0040b87c
0x0040b87e
0x0040b882
0x0040b896
0x0040b89b
0x0040b89e
0x0040b8a1
0x0040b8a3
0x0040b8a3
0x0040b8a1
0x0040b882
0x0040b87c
0x0040b86e
0x0040b8aa
0x0040b8b1
0x0040b8b9
0x0040b8bc
0x0040b8c0
0x0040b8d0
0x0040b8d6
0x0040b8d9
0x0040b8df
0x0040b8e3
0x0040b937
0x0040b93a
0x0040b94d
0x0040b93c
0x0040b93c
0x0040b945
0x0040b945
0x0040b957
0x0040b95f
0x0040b964
0x0040b96a
0x0040b970
0x0040b972
0x0040b978
0x0040b978
0x0040b97e
0x0040b985
0x0040b997
0x0040b987
0x0040b987
0x0040b98f
0x0040b98f
0x0040b9a0
0x0040b9a6
0x0040b9ab
0x0040b9b8
0x0040b9c1
0x0040b9ca
0x0040b9d3
0x0040b9dc
0x0040b9e2
0x0040b8e5
0x0040b8e8
0x0040b8f1
0x0040b8fb
0x0040b905
0x0040b912
0x0040b918
0x0040b922
0x0040b922
0x0040b9f9
0x0040ba16
0x0040ba31
0x0040ba3c
0x0040ba3c
0x0040ba3f
0x0040b8c2
0x0040b8c5
0x0040b8c5
0x0040b82f
0x0040b840
0x0040b848
0x0040b84b
0x0040b84d
0x0040b84d
0x0040b851
0x0040b851
0x0040ba42
0x0040ba42
0x0040ba49
0x0040ba61
0x0040ba6f
0x0040ba6f
0x0040b7ad
0x0040b7b3
0x0040b7b8
0x00000000
0x00000000
0x0040b7be
0x0040b7f7
0x0040b7ff
0x0040b802
0x0040b804
0x0040b804
0x0040b805
0x00000000
0x0040b805
0x0040b7c3
0x0040b7e0
0x0040b7e2
0x0040b7e2
0x00000000

APIs

__CrtCheckMemory.LIBCMTD ref: 0040B72A
__heap_alloc_base.LIBCMTD ref: 0040B8B1
_memset.LIBCMT ref: 0040B9F9
_memset.LIBCMT ref: 0040BA16
_memset.LIBCMT ref: 0040BA31

Strings

f:\dd\vctools\crt_bld\self_x86\crt\src\dbgheap.c, xrefs: 0040B73F
Client hook allocation failure at file %hs line %d., xrefs: 0040B7C8
Client hook allocation failure., xrefs: 0040B7E5
_CrtCheckMemory(), xrefs: 0040B733
Invalid allocation size: %Iu bytes., xrefs: 0040B833
Error: memory allocation: bad memory block type., xrefs: 0040B884

Memory Dump Source

Source File: 00000000.00000002.254379313.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.254298173.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.254460883.0000000000427000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255654257.000000000060A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255687103.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255765961.0000000000635000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_mzQcZawXvh.jbxd

Similarity

API ID: _memset$CheckMemory__heap_alloc_base
String ID: Client hook allocation failure at file %hs line %d.$Client hook allocation failure.$Error: memory allocation: bad memory block type.$Invalid allocation size: %Iu bytes.$_CrtCheckMemory()$f:\dd\vctools\crt_bld\self_x86\crt\src\dbgheap.c
API String ID: 4254127243-2462871736
Opcode ID: e15f57ee2bb5276fc63ace693c11738e8e2135de48e24e98766bc685c23bdff2
Instruction ID: 8a72b64e3570234d7f27825fba9996bada962f4722e9e02e9a4984fbd7bf526b
Opcode Fuzzy Hash: e15f57ee2bb5276fc63ace693c11738e8e2135de48e24e98766bc685c23bdff2
Instruction Fuzzy Hash: 4EA18CB4A00209DFDB14DF45D991BAA77F2EB48304F24C16AE9146B3E1D379AD40CFA9

Uniqueness

Uniqueness Score: -1.00%

Function 00411520 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 326
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 93%

			E00411520() {
				void* _v8;
				signed int _v12;
				char _v20;
				intOrPtr _v28;
				struct _STARTUPINFOA _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				int _v116;
				signed char* _v120;
				void* _v124;
				void** _v128;
				void** _v132;
				int _v140;
				long _v144;
				signed int _t166;
				signed int _t170;
				signed int _t175;
				signed int _t188;
				signed int _t206;
				void** _t209;
				signed int _t321;
				void* _t322;
				intOrPtr _t323;
				void* _t324;

				_push(0xfffffffe);
				_push(0x425330);
				_push(E0040E610);
				_push( *[fs:0x0]);
				_t323 = _t322 + 0xffffff84;
				_t166 =  *0x60a7a4; // 0x859ba81c
				_v12 = _v12 ^ _t166;
				_push(_t166 ^ _t321);
				 *[fs:0x0] =  &_v20;
				_v28 = _t323;
				_v8 = 0;
				GetStartupInfoA( &_v100);
				_v8 = 0xfffffffe;
				_t170 = L0040BB40(0x20, 0x40, 2, "f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\ioinit.c", 0x88); // executed
				_t324 = _t323 + 0x14;
				_v128 = _t170;
				if(_v128 != 0) {
					 *0x633440 = _v128;
					 *0x633420 = 0x20;
					while(_v128 <  *0x633440 + 0x800) {
						_v128[1] = 0;
						 *_v128 = 0xffffffff;
						_v128[1] = 0xa;
						_v128[2] = 0;
						_v128[9] = _v128[9] & 0x00000080;
						_v128[9] = _v128[9] & 0x0000007f;
						_v128[9] = 0xa;
						_v128[9] = 0xa;
						_v128[0xe] = 0;
						_v128[0xd] = 0;
						_v128 =  &(_v128[0x10]);
					}
					if((_v100.cbReserved2 & 0x0000ffff) == 0 || _v100.lpReserved2 == 0) {
						L34:
						_v112 = 0;
						while(_v112 < 3) {
							_v128 = (_v112 << 6) +  *0x633440;
							if( *_v128 == 0xffffffff ||  *_v128 == 0xfffffffe) {
								_v128[1] = 0x81;
								if(_v112 != 0) {
									asm("sbb edx, edx");
									_v144 =  ~(_v112 - 1) + 0xfffffff5;
								} else {
									_v144 = 0xfffffff6;
								}
								_v124 = GetStdHandle(_v144);
								if(_v124 == 0xffffffff || _v124 == 0) {
									L52:
									_v128[1] = _v128[1] | 0x00000040;
									 *_v128 = 0xfffffffe;
									goto L53;
								} else {
									_v108 = GetFileType(_v124);
									if(_v108 == 0) {
										goto L52;
									} else {
										 *_v128 = _v124;
										if((_v108 & 0x000000ff) != 2) {
											if((_v108 & 0x000000ff) == 3) {
												_v128[1] = _v128[1] | 0x00000008;
											}
										} else {
											_v128[1] = _v128[1] | 0x00000040;
										}
										_t188 = E00417180( &(_v128[3]), 0xfa0);
										_t324 = _t324 + 8;
										if(_t188 != 0) {
											_v128[2] = _v128[2] + 1;
											L53:
											goto L55;
										} else {
											_t175 = _t188 | 0xffffffff;
										}
									}
								}
							} else {
								_v128[1] = _v128[1] | 0x00000080;
								L55:
								_v112 = _v112 + 1;
								continue;
							}
							goto L57;
						}
						SetHandleCount( *0x633420);
						_t175 = 0;
					} else {
						_v116 =  *(_v100.lpReserved2);
						_v120 = _v100.lpReserved2 + 4;
						_v132 =  &(_v120[_v116]);
						if(_v116 >= 0x800) {
							_v140 = 0x800;
						} else {
							_v140 = _v116;
						}
						_v116 = _v140;
						_v104 = 1;
						while( *0x633420 < _v116) {
							_t209 = L0040BB40(0x20, 0x40, 2, "f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\ioinit.c", 0xc0);
							_t324 = _t324 + 0x14;
							_v128 = _t209;
							if(_v128 != 0) {
								 *((intOrPtr*)(0x633440 + _v104 * 4)) = _v128;
								 *0x633420 =  *0x633420 + 0x20;
								while(_v128 <  *((intOrPtr*)(0x633440 + _v104 * 4)) + 0x800) {
									_v128[1] = 0;
									 *_v128 = 0xffffffff;
									_v128[1] = 0xa;
									_v128[2] = 0;
									_v128[9] = _v128[9] & 0x00000080;
									_v128[9] = 0xa;
									_v128[9] = 0xa;
									_v128[0xe] = 0;
									_v128[0xd] = 0;
									_v128 =  &(_v128[0x10]);
								}
								_v104 = _v104 + 1;
								continue;
							} else {
								_v116 =  *0x633420;
							}
							break;
						}
						_v112 = 0;
						while(_v112 < _v116) {
							if( *_v132 == 0xffffffff ||  *_v132 == 0xfffffffe || ( *_v120 & 0x00000001) == 0 || ( *_v120 & 0x00000008) == 0 && GetFileType( *_v132) == 0) {
								L33:
								_v112 = _v112 + 1;
								_v120 =  &(_v120[1]);
								_v132 =  &(_v132[1]);
								continue;
							} else {
								_v128 = ((_v112 & 0x0000001f) << 6) +  *((intOrPtr*)(0x633440 + (_v112 >> 5) * 4));
								 *_v128 =  *_v132;
								_v128[1] =  *_v120;
								_t206 = E00417180( &(_v128[3]), 0xfa0);
								_t324 = _t324 + 8;
								if(_t206 != 0) {
									_v128[2] =  *((intOrPtr*)(_v128 + 8)) + 1;
									goto L33;
								} else {
									_t175 = _t206 | 0xffffffff;
								}
							}
							goto L57;
						}
						goto L34;
					}
				} else {
					_t175 = _t170 | 0xffffffff;
				}
				L57:
				 *[fs:0x0] = _v20;
				return _t175;
			}

0x00411525
0x00411527
0x0041152c
0x00411537
0x00411538
0x0041153e
0x00411543
0x00411548
0x0041154c
0x00411552
0x00411555
0x00411560
0x00411566
0x004115ab
0x004115b0
0x004115b3
0x004115ba
0x004115c7
0x004115cd
0x004115e2
0x004115f4
0x004115fb
0x00411604
0x0041160b
0x0041161d
0x0041162b
0x00411631
0x00411638
0x0041163f
0x00411649
0x004115df
0x004115df
0x00411655
0x00411853
0x00411853
0x00411865
0x0041187b
0x00411884
0x00411895
0x0041189d
0x004118b3
0x004118b8
0x0041189f
0x0041189f
0x0041189f
0x004118cb
0x004118d2
0x00411969
0x00411976
0x0041197c
0x00000000
0x004118e2
0x004118ec
0x004118f3
0x00000000
0x004118f5
0x004118fb
0x00411909
0x00411929
0x00411938
0x00411938
0x0041190b
0x00411918
0x00411918
0x00411947
0x0041194c
0x00411951
0x00411964
0x00411982
0x00000000
0x00411953
0x00411953
0x00411953
0x00411951
0x004118f3
0x00411984
0x00411993
0x00411996
0x00411862
0x00000000
0x00411862
0x00000000
0x00411884
0x004119a2
0x004119a8
0x00411665
0x0041166a
0x00411673
0x0041167c
0x00411686
0x00411693
0x00411688
0x0041168b
0x0041168b
0x004116a3
0x004116a6
0x004116b8
0x004116d7
0x004116dc
0x004116df
0x004116e6
0x004116fb
0x0041170a
0x0041171a
0x00411731
0x00411738
0x00411741
0x00411748
0x0041175a
0x00411760
0x00411767
0x0041176e
0x00411778
0x00411717
0x00411717
0x004116b5
0x00000000
0x004116e8
0x004116ed
0x004116ed
0x00000000
0x004116e6
0x00411783
0x004117a7
0x004117b9
0x0041184e
0x00411792
0x0041179b
0x004117a4
0x00000000
0x004117f1
0x00411807
0x00411812
0x0041181c
0x0041182b
0x00411830
0x00411835
0x0041184b
0x00000000
0x00411837
0x00411837
0x00411837
0x00411835
0x00000000
0x004117b9
0x00000000
0x004117a7
0x004115bc
0x004115bc
0x004115bc
0x004119aa
0x004119ad
0x004119bb

APIs

GetStartupInfoA.KERNEL32(?), ref: 00411560
GetFileType.KERNEL32(?), ref: 004117E7

Strings

f:\dd\vctools\crt_bld\self_x86\crt\src\ioinit.c, xrefs: 004115A0, 004116CC

Memory Dump Source

Source File: 00000000.00000002.254379313.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.254298173.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.254460883.0000000000427000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255654257.000000000060A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255687103.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255765961.0000000000635000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_mzQcZawXvh.jbxd

Similarity

API ID: FileInfoStartupType
String ID: f:\dd\vctools\crt_bld\self_x86\crt\src\ioinit.c
API String ID: 3016745765-4097262939
Opcode ID: 47a6d8ad94d666b3f8f354c98aa2db64856be1adfe7ae4363de3c8dcf5f3bbe3
Instruction ID: 827ff17d8c5c83ead693b010b1c146f3c9559527b4d49fc1b9c9966abe1dfc56
Opcode Fuzzy Hash: 47a6d8ad94d666b3f8f354c98aa2db64856be1adfe7ae4363de3c8dcf5f3bbe3
Instruction Fuzzy Hash: 93E1E874E04248CFDB24CFA8C894BADFBB1BB49314F24825ED565AB392C7399842CF55

Uniqueness

Uniqueness Score: -1.00%

Function 0040BA7E Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 62
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 42%

			E0040BA7E(void* __ebx, void* __ecx, void* __edi, void* __esi) {
				intOrPtr _t25;
				intOrPtr _t28;
				intOrPtr _t29;
				void* _t34;
				void* _t35;
				void* _t36;
				intOrPtr _t38;
				void* _t46;
				void* _t47;
				void* _t48;
				void* _t50;

				_t47 = __esi;
				_t46 = __edi;
				_t36 = __ecx;
				_t35 = __ebx;
				asm("sbb eax, eax");
				_t25 = 0xffffffe0 /  *(_t48 + 8) + 1;
				 *((intOrPtr*)(_t48 - 8)) = _t25;
				if(_t25 == 0) {
					_push(L"(_HEAP_MAXREQ / nNum) >= nSize");
					_push(0);
					_push(0x248);
					_push(L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\dbgheap.c");
					_push(2);
					_t34 = L0040E1A0();
					_t50 = _t50 + 0x14;
					if(_t34 == 1) {
						asm("int3");
					}
				}
				if( *((intOrPtr*)(_t48 - 8)) != 0) {
					 *(_t48 + 0xc) =  *(_t48 + 0xc) *  *(_t48 + 8);
					_t38 =  *0x632a90; // 0x0
					_t28 = L0040B650(_t38,  *(_t48 + 0xc), _t38,  *((intOrPtr*)(_t48 + 0x10)),  *((intOrPtr*)(_t48 + 0x14)),  *((intOrPtr*)(_t48 + 0x18)),  *((intOrPtr*)(_t48 + 0x1c))); // executed
					 *((intOrPtr*)(_t48 - 4)) = _t28;
					if( *((intOrPtr*)(_t48 - 4)) != 0) {
						E00412D20(_t46,  *((intOrPtr*)(_t48 - 4)), 0,  *(_t48 + 0xc));
					}
					_t29 =  *((intOrPtr*)(_t48 - 4));
				} else {
					 *((intOrPtr*)(L0040EC70(_t36))) = 0xc;
					E00411A50(_t35, _t36, _t46, _t47, L"(_HEAP_MAXREQ / nNum) >= nSize", L"_calloc_dbg_impl", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\dbgheap.c", 0x248, 0);
					_t29 = 0;
				}
				return _t29;
			}

0x0040ba7e
0x0040ba7e
0x0040ba7e
0x0040ba7e
0x0040ba8b
0x0040ba8d
0x0040ba90
0x0040ba93
0x0040ba95
0x0040ba9a
0x0040ba9c
0x0040baa1
0x0040baa6
0x0040baa8
0x0040baad
0x0040bab3
0x0040bab5
0x0040bab5
0x0040bab3
0x0040baba
0x0040baf0
0x0040bb03
0x0040bb0e
0x0040bb16
0x0040bb1d
0x0040bb29
0x0040bb2e
0x0040bb31
0x0040babc
0x0040bac1
0x0040badd
0x0040bae5
0x0040bae5
0x0040bb37

APIs

__invalid_parameter.LIBCMTD ref: 0040BADD
_memset.LIBCMT ref: 0040BB29

Strings

f:\dd\vctools\crt_bld\self_x86\crt\src\dbgheap.c, xrefs: 0040BAA1, 0040BACE
_calloc_dbg_impl, xrefs: 0040BAD3
(_HEAP_MAXREQ / nNum) >= nSize, xrefs: 0040BA95, 0040BAD8

Memory Dump Source

Source File: 00000000.00000002.254379313.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.254298173.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.254460883.0000000000427000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255654257.000000000060A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255687103.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255765961.0000000000635000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_mzQcZawXvh.jbxd

Similarity

API ID: __invalid_parameter_memset
String ID: (_HEAP_MAXREQ / nNum) >= nSize$_calloc_dbg_impl$f:\dd\vctools\crt_bld\self_x86\crt\src\dbgheap.c
API String ID: 3961059608-1805389939
Opcode ID: b796c7521e64e4592a57c05bec9a04ed8bb3360dde59313c2adb3e29e59732cd
Instruction ID: 6ff698db135874b2db21e70b776e5c91729a7b30f69118cb3a561ec915fc92dc
Opcode Fuzzy Hash: b796c7521e64e4592a57c05bec9a04ed8bb3360dde59313c2adb3e29e59732cd
Instruction Fuzzy Hash: 1A11B971A40208BBDB00DF55CD42F5E73A5EB54704F10856AF918BB2D1D778D9508B98

Uniqueness

Uniqueness Score: -1.00%

Function 00409C70 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36
librarymemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00409C70() {
				struct HINSTANCE__* _t2;
				int _t4;
				long _t6;
				DWORD* _t8;

				"simg32.dll" = 0x65;
				"img32.dll" = 0x72;
				 *0x60b690 = 0x2e;
				 *0x60b691 = 0x64;
				 *0x60b692 = 0x6c;
				 *0x60b694 = 0;
				M0060B68C = 0x65;
				"32.dll" = 0x6c;
				 *0x60b68e = 0x33;
				 *0x60b68f = 0x32;
				 *0x60b693 = 0x65;
				M0060B68B = 0x6e;
				"msimg32.dll" = 0x6b; // executed
				_t2 = LoadLibraryA("msimg32.dll");
				_t6 =  *0x6328e4; // 0x1e30c0
				 *0x631f7c = _t2;
				 *0x60b696 = 0;
				 *0x60b68f = 0x50;
				"32.dll" = 0x61;
				"msimg32.dll" = 0x60;
				 *0x60b690 = 0x7c;
				 *0x60b691 = 0x6f;
				 *0x60b695 = 0x74; // executed
				_t4 = VirtualProtect( *0x615d40, _t6, 0x40, _t8); // executed
				return _t4;
			}

0x00409c7a
0x00409c7f
0x00409c86
0x00409c8d
0x00409c94
0x00409c9a
0x00409ca1
0x00409ca6
0x00409cac
0x00409cb3
0x00409cba
0x00409cbf
0x00409cc6
0x00409ccd
0x00409cd3
0x00409cdf
0x00409cec
0x00409cf3
0x00409cfa
0x00409d01
0x00409d08
0x00409d0f
0x00409d16
0x00409d1d
0x00409d24

APIs

LoadLibraryA.KERNELBASE(msimg32.dll), ref: 00409CCD
VirtualProtect.KERNELBASE(?,001E30C0,00000040,00000000), ref: 00409D1D

Strings

msimg32.dll, xrefs: 00409C75

Memory Dump Source

Source File: 00000000.00000002.254379313.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.254298173.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.254460883.0000000000427000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255654257.000000000060A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255687103.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255765961.0000000000635000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_mzQcZawXvh.jbxd

Similarity

API ID: LibraryLoadProtectVirtual
String ID: msimg32.dll
API String ID: 3279857687-3287713914
Opcode ID: 212c11f1efb708d304d7f10a71409bc8fe722fd08b7616f05590d402311453a9
Instruction ID: a91203cf1349bc1cbde20b50c3f5c1ad4d6b8465f910441af6d6693b1f3a1392
Opcode Fuzzy Hash: 212c11f1efb708d304d7f10a71409bc8fe722fd08b7616f05590d402311453a9
Instruction Fuzzy Hash: 2A1193600A92C0CDE302CB28BD597533F9B9327708F09F28DE1895B2A2C7EB1118D776

Uniqueness

Uniqueness Score: -1.00%

Function 0040B66F Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 37
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E0040B66F(intOrPtr __eax, void* __ecx) {
				intOrPtr _t20;
				void* _t27;

				L0:
				while(1) {
					L0:
					 *((intOrPtr*)(_t27 - 4)) = __eax;
					if( *((intOrPtr*)(_t27 - 4)) != 0) {
						break;
					}
					L3:
					if( *((intOrPtr*)(_t27 + 0xc)) != 0) {
						L5:
						if(E00412CE0(__ecx,  *((intOrPtr*)(_t27 + 8))) != 0) {
							L7:
							L1:
							L0040B6C0( *((intOrPtr*)(_t27 + 8)),  *((intOrPtr*)(_t27 + 0x10)),  *((intOrPtr*)(_t27 + 0x14)),  *((intOrPtr*)(_t27 + 0x18)),  *((intOrPtr*)(_t27 + 0x1c)));
							continue;
						} else {
							L6:
							 *((intOrPtr*)( *((intOrPtr*)(_t27 + 0x1c)))) = 0xc;
							_t20 = 0;
						}
					} else {
						L4:
						 *((intOrPtr*)( *((intOrPtr*)(_t27 + 0x1c)))) = 0xc;
						_t20 =  *((intOrPtr*)(_t27 - 4));
					}
					L8:
					return _t20;
					L9:
				}
				L2:
				_t20 =  *((intOrPtr*)(_t27 - 4));
				goto L8;
			}

0x0040b66f
0x0040b66f
0x0040b66f
0x0040b672
0x0040b679
0x00000000
0x00000000
0x0040b680
0x0040b684
0x0040b694
0x0040b6a2
0x0040b6b1
0x0040b656
0x0040b66a
0x00000000
0x0040b6a4
0x0040b6a4
0x0040b6a7
0x0040b6ad
0x0040b6ad
0x0040b686
0x0040b686
0x0040b689
0x0040b68f
0x0040b68f
0x0040b6b3
0x0040b6b6
0x00000000
0x0040b6b6
0x0040b67b
0x0040b67b
0x00000000

Strings

QQ, xrefs: 0040B669

Memory Dump Source

Source File: 00000000.00000002.254379313.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.254298173.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.254460883.0000000000427000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255654257.000000000060A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255687103.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255765961.0000000000635000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_mzQcZawXvh.jbxd

Similarity

API ID:
String ID: QQ
API String ID: 0-3460843698
Opcode ID: b3bc6af8014fb0556a34892475fd8addd3e98cc67a8eb0fbb24b46698522ec7e
Instruction ID: 294cf07c255e33463b5eabae3086a57cf661838ca6fbaf8a486146d9469ac8e9
Opcode Fuzzy Hash: b3bc6af8014fb0556a34892475fd8addd3e98cc67a8eb0fbb24b46698522ec7e
Instruction Fuzzy Hash: 8F01FBB5600109EBDB14DF54C944BAA73B4EB48304F10896AF905A7380D73ADA51DBDE

Uniqueness

Uniqueness Score: -1.00%

Function 022FB7C6 Relevance: 1.5, APIs: 1, Instructions: 41
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Module32First.KERNEL32(00000000,00000224), ref: 022FB80E

Memory Dump Source

Source File: 00000000.00000002.256540868.00000000022FB000.00000040.00000800.00020000.00000000.sdmp, Offset: 022FB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22fb000_mzQcZawXvh.jbxd

Similarity

API ID: FirstModule32
String ID:
API String ID: 3757679902-0
Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction ID: 084bb4abe49fb5d13bd5993c218c63d456815074218be2ac825834ff67cde654
Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction Fuzzy Hash: B5F0C2362103116BD7603BF4EC8CBAAB6E8AF8C669F100238E742954C0CB70E8454A60

Uniqueness

Uniqueness Score: -1.00%

Function 004101E0 Relevance: 1.5, APIs: 1, Instructions: 8
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E004101E0() {
				void* _t1;

				_t1 = E00410110(0); // executed
				return _t1;
			}

0x004101e7
0x004101f0

APIs

__encode_pointer.LIBCMTD ref: 004101E7

Part of subcall function 00410110: TlsGetValue.KERNEL32(00000005), ref: 00410125
Part of subcall function 00410110: TlsGetValue.KERNEL32(00000005,00000004), ref: 00410146
Part of subcall function 00410110: __crt_wait_module_handle.LIBCMTD ref: 0041015C
Part of subcall function 00410110: GetProcAddress.KERNEL32(00000000,EncodePointer), ref: 00410176
Part of subcall function 00410110: RtlEncodePointer.NTDLL(?), ref: 00410197

Memory Dump Source

Source File: 00000000.00000002.254379313.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.254298173.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.254460883.0000000000427000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255654257.000000000060A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255687103.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255765961.0000000000635000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_mzQcZawXvh.jbxd

Similarity

API ID: Value$AddressEncodePointerProc__crt_wait_module_handle__encode_pointer
String ID:
API String ID: 568403282-0
Opcode ID: f00befe9f6ce37f0a9e0ee05923ac5330ac6df44ba7645856ef0dc2498812e42
Instruction ID: 8c9a2190b9c7e492981362f40d45408256e576df1b8fa31835db1f7dcd19085b
Opcode Fuzzy Hash: f00befe9f6ce37f0a9e0ee05923ac5330ac6df44ba7645856ef0dc2498812e42
Instruction Fuzzy Hash: 57A0127294420C33D08120933803B02350C43C0738F080021F50C0514328D7A4904097

Uniqueness

Uniqueness Score: -1.00%

Function 0040B310 Relevance: 1.5, APIs: 1, Instructions: 5
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			_entry_() {
				void* _t2;
				void* _t3;
				void* _t4;

				E00411CA0(); // executed
				_t2 = L0040B330(_t3, _t4); // executed
				return _t2;
			}

0x0040b315
0x0040b31a
0x00000000

APIs

___security_init_cookie.LIBCMTD ref: 0040B315

Memory Dump Source

Source File: 00000000.00000002.254379313.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.254298173.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.254460883.0000000000427000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255654257.000000000060A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255687103.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255765961.0000000000635000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_mzQcZawXvh.jbxd

Similarity

API ID: ___security_init_cookie
String ID:
API String ID: 3657697845-0
Opcode ID: 3af4f6196a54f9386e15a2a7791e4ccbc1d0389973c9f4251828c21cd8ff7d9f
Instruction ID: 8118cc6a2f55ae8788abd7dacfa75f102871a0f58a3bde6f166546d615b0b6cc
Opcode Fuzzy Hash: 3af4f6196a54f9386e15a2a7791e4ccbc1d0389973c9f4251828c21cd8ff7d9f
Instruction Fuzzy Hash: CFA0022145474C16415533A71447A4B754D88C0B987F5002B7A1C521533D7CB85140EE

Uniqueness

Uniqueness Score: -1.00%

Function 022FB485 Relevance: 1.3, APIs: 1, Instructions: 48
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 022FB4D6

Memory Dump Source

Source File: 00000000.00000002.256540868.00000000022FB000.00000040.00000800.00020000.00000000.sdmp, Offset: 022FB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22fb000_mzQcZawXvh.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction ID: f73fa01e9922634c9050632ad30768e1636630f453898706a5c52c9ad791c906
Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction Fuzzy Hash: 0F113C79A00208EFDB01DF98C985E99BBF5AF08750F0580A4FA489B361D375EA90DF80

Uniqueness

Uniqueness Score: -1.00%

Function 00409D30 Relevance: 1.3, APIs: 1, Instructions: 6
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00409D30() {
				long _t1;
				void* _t2;

				_t1 =  *0x6328e4; // 0x1e30c0
				_t2 = LocalAlloc(0, _t1); // executed
				 *0x615d40 = _t2;
				return _t2;
			}

0x00409d30
0x00409d38
0x00409d3e
0x00409d43

APIs

LocalAlloc.KERNELBASE(00000000,001E30C0), ref: 00409D38

Memory Dump Source

Source File: 00000000.00000002.254379313.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.254298173.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.254460883.0000000000427000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255654257.000000000060A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255687103.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255765961.0000000000635000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_mzQcZawXvh.jbxd

Similarity

API ID: AllocLocal
String ID:
API String ID: 3494564517-0
Opcode ID: 9d19b7ef041325152a98067dedbf4776263471a34a491149feb11ec5df455169
Instruction ID: 6fc1ec559f54ca827ffd6ccf27bd46d00434fd5742df4e3d8ce03a8d0c80a74a
Opcode Fuzzy Hash: 9d19b7ef041325152a98067dedbf4776263471a34a491149feb11ec5df455169
Instruction Fuzzy Hash: 90B012B0500200DFD3008F60FD18B6037A5F744302F046013F60DC9A70C73004449B14

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00409D50 Relevance: 64.9, APIs: 31, Strings: 6, Instructions: 177
pipefilememoryCOMMON

Download Yara Rule

C-Code - Quality: 75%

			E00409D50() {
				short _v2048;
				char _v2080;
				char _v3080;
				struct _OSVERSIONINFOW _v3368;
				struct _STARTUPINFOA _v3436;
				void _v3448;
				long _v3452;
				long _v3456;
				long _v3460;
				long _v3464;
				long _v3468;
				long _v3476;
				long _v3484;
				long _t27;
				intOrPtr _t28;
				void* _t29;
				long _t48;
				intOrPtr* _t61;
				void* _t82;
				intOrPtr* _t86;

				_t61 = __imp__GetSystemWow64DirectoryW;
				_t86 = __imp__GetCPInfoExW;
				_v3468 = 0;
				while(1) {
					GetLastError();
					if( *0x6328e4 == 0x16) {
						SetConsoleTextAttribute(0, 0);
						DebugBreak();
						__imp__SetCalendarInfoA(0, 0, 0, 0);
						WriteProfileSectionW(L"Wupezoxaxozumiw gifubedi", L"Huzulibopabuda nuzahokecuxel muhu");
					}
					GetLastError();
					if( *0x6328e4 == 0x9e) {
						CopyFileA(0, 0, 0);
						 *_t61( &_v2048, 0);
						 *_t86(0, 0,  &_v3080);
						_v3484 = 0;
						DisconnectNamedPipe( &_v3484);
						GetStartupInfoA( &_v3436);
						InterlockedCompareExchange( &_v3476, 0, 0);
						HeapValidate(0, 0, 0);
						GetVersionExW( &_v3368);
					}
					_t27 = _v3468;
					if(_t27 > 0x3775ee) {
						break;
					}
					_t48 = _t27 + 1;
					_v3468 = _t48;
					if(_t48 < 0x332beaf6) {
						continue;
					}
					break;
				}
				_t28 =  *0x6328e4; // 0x1e30c0
				_t29 = E00409990( *0x615d40, _t28, 0x427010);
				_t82 = 0;
				do {
					if( *0x6328e4 == 0x10) {
						GlobalFix( &_v3448);
					}
					if(_t82 == 0x1e673) {
						_t29 = E00409C50(_t29);
					}
					_t82 = _t82 + 1;
				} while (_t82 < 0x3e79e);
				_v3468 = 0xdd9a7;
				do {
					if( *0x6328e4 == 0xc01) {
						TerminateProcess(0, 0);
						GetUserDefaultLangID();
						WritePrivateProfileStringA(0, 0, 0, 0);
						GetNamedPipeHandleStateW(0,  &_v3460,  &_v3452,  &_v3464,  &_v3456,  &_v2048, 0);
					}
					_t18 =  &_v3468;
					 *_t18 = _v3468 - 1;
				} while ( *_t18 != 0);
				E004088F0();
				if( *0x6328e4 == 0x1144) {
					GetModuleHandleW(L"tacixololid");
					__imp__SetDllDirectoryW(0);
					FormatMessageA(0, 0, 0, 0, 0, 0, 0);
					FindResourceW(0, 0, 0);
					__imp__ReleaseActCtx(0);
					__imp__GetCalendarInfoA(0, 0, 0,  &_v3080, 0,  &_v3468);
					FindFirstChangeNotificationW(L"misetanu", 0, 0);
					InterlockedDecrement( &_v3484);
					GetCommandLineA();
					GetProfileSectionA("rujovigofghj",  &_v2080, 0);
					GlobalFix(0);
					_push(0);
					VerifyVersionInfoA( &(_v3436.hStdInput), 0, 0);
				}
				return 0;
			}

0x00409d57
0x00409d5e
0x00409d72
0x00409d80
0x00409d80
0x00409d8d
0x00409d93
0x00409d99
0x00409da7
0x00409db7
0x00409db7
0x00409dbd
0x00409dcd
0x00409dd5
0x00409de1
0x00409def
0x00409df6
0x00409dfe
0x00409e05
0x00409e14
0x00409e20
0x00409e2e
0x00409e2e
0x00409e34
0x00409e3d
0x00000000
0x00000000
0x00409e3f
0x00409e45
0x00409e49
0x00000000
0x00000000
0x00000000
0x00409e49
0x00409e4f
0x00409e61
0x00409e66
0x00409e70
0x00409e77
0x00409e7e
0x00409e7e
0x00409e8a
0x00409e8c
0x00409e8c
0x00409e91
0x00409e92
0x00409eb2
0x00409ec0
0x00409eca
0x00409ed0
0x00409ed2
0x00409edc
0x00409efe
0x00409efe
0x00409f00
0x00409f00
0x00409f00
0x00409f07
0x00409f1a
0x00409f25
0x00409f2d
0x00409f41
0x00409f4d
0x00409f55
0x00409f70
0x00409f7f
0x00409f8a
0x00409f90
0x00409fa5
0x00409fad
0x00409fb3
0x00409fc1
0x00409fc1
0x00409fcf

APIs

GetLastError.KERNEL32 ref: 00409D80
SetConsoleTextAttribute.KERNEL32(00000000,00000000), ref: 00409D93
DebugBreak.KERNEL32 ref: 00409D99
SetCalendarInfoA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00409DA7
WriteProfileSectionW.KERNEL32(Wupezoxaxozumiw gifubedi,Huzulibopabuda nuzahokecuxel muhu), ref: 00409DB7
GetLastError.KERNEL32 ref: 00409DBD
CopyFileA.KERNEL32 ref: 00409DD5
GetSystemWow64DirectoryW.KERNEL32(?,00000000), ref: 00409DE1
GetCPInfoExW.KERNEL32(00000000,00000000,?), ref: 00409DEF
DisconnectNamedPipe.KERNEL32 ref: 00409DFE
GetStartupInfoA.KERNEL32(?), ref: 00409E05
InterlockedCompareExchange.KERNEL32(?,00000000,00000000), ref: 00409E14
HeapValidate.KERNEL32(00000000,00000000,00000000), ref: 00409E20
GetVersionExW.KERNEL32(?), ref: 00409E2E
GlobalFix.KERNEL32 ref: 00409E7E
TerminateProcess.KERNEL32(00000000,00000000,?,001E30C0,00427010), ref: 00409ED0
GetUserDefaultLangID.KERNEL32 ref: 00409ED2
WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00409EDC
GetNamedPipeHandleStateW.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 00409EFE

Strings

Wupezoxaxozumiw gifubedi, xrefs: 00409DB2
Huzulibopabuda nuzahokecuxel muhu, xrefs: 00409DAD
u7, xrefs: 00409E38
misetanu, xrefs: 00409F7A
tacixololid, xrefs: 00409F20
rujovigofghj, xrefs: 00409FA0

Memory Dump Source

Source File: 00000000.00000002.254379313.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.254298173.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.254460883.0000000000427000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255654257.000000000060A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255687103.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255765961.0000000000635000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_mzQcZawXvh.jbxd

Similarity

API ID: Info$ErrorLastNamedPipeProfileWrite$AttributeBreakCalendarCompareConsoleCopyDebugDefaultDirectoryDisconnectExchangeFileGlobalHandleHeapInterlockedLangPrivateProcessSectionStartupStateStringSystemTerminateTextUserValidateVersionWow64
String ID: Huzulibopabuda nuzahokecuxel muhu$Wupezoxaxozumiw gifubedi$misetanu$rujovigofghj$tacixololid$u7
API String ID: 2442499186-1539711763
Opcode ID: e0246d367eba01d43645638c602113fba38ba3b6bafc5c5649b76c83eb628ada
Instruction ID: 1b602e0e853446f7e8c69fbb1d69449c88d6502fc05553ed6c1a5d54e148400d
Opcode Fuzzy Hash: e0246d367eba01d43645638c602113fba38ba3b6bafc5c5649b76c83eb628ada
Instruction Fuzzy Hash: 39519671244380EFE310DB90DE4AF9A73A4BB44B01F50452AF389BA4F1D7B46944CB6E

Uniqueness

Uniqueness Score: -1.00%

Function 00409990 Relevance: 22.6, APIs: 15, Instructions: 126
timefileCOMMON

Download Yara Rule

C-Code - Quality: 84%

			E00409990(intOrPtr _a4, unsigned int _a8, intOrPtr _a12) {
				short _v2048;
				struct _WIN32_FIND_DATAW _v3072;
				struct _OSVERSIONINFOW _v3352;
				struct _TIME_ZONE_INFORMATION _v3524;
				struct _DCB _v3704;
				long _v3712;
				struct _COMMTIMEOUTS _v3732;
				void* _v3736;
				void* _v3740;
				long _v3748;
				struct _COORD _v3752;
				char _v3756;
				intOrPtr _v3760;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				unsigned int _t37;
				int _t38;
				void* _t61;
				intOrPtr* _t78;

				if( *0x6328e4 == 0x516) {
					VerLanguageNameA(0,  &_v3072, 0);
					SetDefaultCommConfigW(0, 0, 0);
					_v3752.Y = 0;
					_v3752.X = 0;
					ReadConsoleOutputCharacterW(0,  &_v2048, 0, _v3752,  &_v3748);
				}
				_t37 = _a8 >> 3;
				if(_t37 > 0) {
					_t61 = VerifyVersionInfoA;
					_t78 = __imp__QueryDepthSList;
					_v3752 = _a4;
					_v3748 = _t37;
					do {
						if( *0x6328e4 == 0x29) {
							_v3732.ReadTotalTimeoutMultiplier = 0;
							_v3732.ReadTotalTimeoutConstant = 0;
							_v3732.WriteTotalTimeoutMultiplier = 0;
							_v3732.WriteTotalTimeoutConstant = 0;
							_v3732.ReadIntervalTimeout = 0;
							BuildCommDCBAndTimeoutsA(0,  &_v3704,  &_v3732);
							CopyFileExW(0, 0, 0, 0, 0, 0);
							GetCompressedFileSizeW(0,  &_v3712);
						}
						if( *0x6328e4 == 0xe1b) {
							FindNextFileW(0,  &_v3072);
							SetEvent(0);
						}
						if( *0x6328e4 == 0x1c) {
							_v3740 = 0;
							_v3736 = 0;
							 *_t78( &_v3740);
							_push(0);
							VerifyVersionInfoA( &(_v3704.EofChar), 0, 0);
							GetVersionExW( &_v3352);
							SetLastError(0);
							TerminateProcess(0, 0);
							GetTimeZoneInformation( &_v3524);
						}
						_push(_a12);
						_push(_v3752);
						_t38 = L004097E0(_t61, _t78, 0);
						if( *0x6328e4 == 0x4fa) {
							_v3752.X = 0;
							_v3752.Y = 0;
							_t38 = FillConsoleOutputCharacterA(0, 0, 0, _v3752,  &(_v3732.WriteTotalTimeoutMultiplier));
						}
						_v3760 = _v3760 + 8;
						_t34 =  &_v3756;
						 *_t34 = _v3756 - 1;
					} while ( *_t34 != 0);
					return _t38;
				}
				return _t37;
			}

0x004099a3
0x004099af
0x004099b7
0x004099c1
0x004099cb
0x004099df
0x004099df
0x004099ec
0x004099f1
0x004099ff
0x00409a0d
0x00409a13
0x00409a17
0x00409a20
0x00409a27
0x00409a2f
0x00409a33
0x00409a37
0x00409a3b
0x00409a46
0x00409a4a
0x00409a56
0x00409a62
0x00409a62
0x00409a72
0x00409a7d
0x00409a84
0x00409a84
0x00409a91
0x00409a98
0x00409a9c
0x00409aa0
0x00409aa2
0x00409aaa
0x00409ab4
0x00409ab7
0x00409abf
0x00409acd
0x00409acd
0x00409ade
0x00409adf
0x00409ae0
0x00409aef
0x00409afa
0x00409aff
0x00409b0c
0x00409b0c
0x00409b12
0x00409b17
0x00409b17
0x00409b17
0x00000000
0x00409b24
0x00409b2c

APIs

VerLanguageNameA.KERNEL32(00000000,?,00000000), ref: 004099AF
SetDefaultCommConfigW.KERNEL32(00000000,00000000,00000000), ref: 004099B7
ReadConsoleOutputCharacterW.KERNEL32(00000000,?,00000000,?,?), ref: 004099DF
BuildCommDCBAndTimeoutsA.KERNEL32(00000000,?,?), ref: 00409A4A
CopyFileExW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 00409A56
GetCompressedFileSizeW.KERNEL32(00000000,?), ref: 00409A62
FindNextFileW.KERNEL32(00000000,?), ref: 00409A7D
SetEvent.KERNEL32(00000000), ref: 00409A84
QueryDepthSList.KERNEL32(?), ref: 00409AA0
VerifyVersionInfoA.KERNEL32(?,00000000,00000000,00000000), ref: 00409AAA
GetVersionExW.KERNEL32(?), ref: 00409AB4
SetLastError.KERNEL32(00000000), ref: 00409AB7
TerminateProcess.KERNEL32(00000000,00000000), ref: 00409ABF
GetTimeZoneInformation.KERNEL32(?), ref: 00409ACD
FillConsoleOutputCharacterA.KERNEL32(00000000,00000000,00000000,?,?,?,?), ref: 00409B0C

Memory Dump Source

Source File: 00000000.00000002.254379313.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.254298173.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.254460883.0000000000427000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255654257.000000000060A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255687103.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255765961.0000000000635000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_mzQcZawXvh.jbxd

Similarity

API ID: File$CharacterCommConsoleOutputVersion$BuildCompressedConfigCopyDefaultDepthErrorEventFillFindInfoInformationLanguageLastListNameNextProcessQueryReadSizeTerminateTimeTimeoutsVerifyZone
String ID:
API String ID: 2993308821-0
Opcode ID: 7de2656ca8efdd4406fc587640fde4eda95cc19ce904693b03613efa173e1e6e
Instruction ID: 44dbf4e76faf01295172065a2e4e91539d578242f17f452664ddf0d1d4f2c262
Opcode Fuzzy Hash: 7de2656ca8efdd4406fc587640fde4eda95cc19ce904693b03613efa173e1e6e
Instruction Fuzzy Hash: D5411B71505391AFC324DF64DD489DFBBE9FF89340F00492EF189A2260D7749A49CBAA

Uniqueness

Uniqueness Score: -1.00%

Function 00416CA0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 59
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 85%

			E00416CA0(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
				intOrPtr _v0;
				void* _v804;
				intOrPtr _v808;
				intOrPtr _v812;
				intOrPtr _t6;
				long _t15;
				intOrPtr _t19;
				intOrPtr _t20;
				intOrPtr _t21;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				intOrPtr _t25;
				intOrPtr* _t29;
				void* _t34;

				_t25 = __esi;
				_t24 = __edi;
				_t22 = __edx;
				_t20 = __ecx;
				_t19 = __ebx;
				_t6 = __eax;
				_t34 = _t20 -  *0x60a7a4; // 0x859ba81c
				if(_t34 == 0) {
					asm("repe ret");
				}
				 *0x633108 = _t6;
				 *0x633104 = _t20;
				 *0x633100 = _t22;
				 *0x6330fc = _t19;
				 *0x6330f8 = _t25;
				 *0x6330f4 = _t24;
				 *0x633120 = ss;
				 *0x633114 = cs;
				 *0x6330f0 = ds;
				 *0x6330ec = es;
				 *0x6330e8 = fs;
				 *0x6330e4 = gs;
				asm("pushfd");
				_pop( *0x633118);
				 *0x63310c =  *_t29;
				 *0x633110 = _v0;
				 *0x63311c =  &_a4;
				 *0x633058 = 0x10001;
				 *0x63300c =  *0x633110;
				 *0x633000 = 0xc0000409;
				 *0x633004 = 1;
				_t21 =  *0x60a7a4; // 0x859ba81c
				_v812 = _t21;
				_t23 =  *0x60a7a8; // 0x7a6457e3
				_v808 = _t23;
				 *0x633050 = IsDebuggerPresent();
				_push(1);
				E00413410(_t12);
				SetUnhandledExceptionFilter(0);
				_t15 = UnhandledExceptionFilter(0x407730);
				if( *0x633050 == 0) {
					_push(1);
					E00413410(_t15);
				}
				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
			}

0x00416ca0
0x00416ca0
0x00416ca0
0x00416ca0
0x00416ca0
0x00416ca0
0x00416ca0
0x00416ca6
0x00416ca8
0x00416ca8
0x0041cb0b
0x0041cb10
0x0041cb16
0x0041cb1c
0x0041cb22
0x0041cb28
0x0041cb2e
0x0041cb35
0x0041cb3c
0x0041cb43
0x0041cb4a
0x0041cb51
0x0041cb58
0x0041cb59
0x0041cb62
0x0041cb6a
0x0041cb72
0x0041cb7d
0x0041cb8c
0x0041cb91
0x0041cb9b
0x0041cba5
0x0041cbab
0x0041cbb1
0x0041cbb7
0x0041cbc3
0x0041cbc8
0x0041cbca
0x0041cbd4
0x0041cbdf
0x0041cbec
0x0041cbee
0x0041cbf0
0x0041cbf5
0x0041cc0d

APIs

IsDebuggerPresent.KERNEL32 ref: 0041CBBD
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0041CBD4
UnhandledExceptionFilter.KERNEL32(00407730), ref: 0041CBDF
GetCurrentProcess.KERNEL32(C0000409), ref: 0041CBFD
TerminateProcess.KERNEL32(00000000), ref: 0041CC04

Strings

Wdz, xrefs: 0041CBB1

Memory Dump Source

Source File: 00000000.00000002.254379313.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.254298173.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.254460883.0000000000427000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255654257.000000000060A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255687103.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255765961.0000000000635000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_mzQcZawXvh.jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
String ID: Wdz
API String ID: 2579439406-4092399554
Opcode ID: 99f2fac6f835401b5b2a8059eaa70c239e18d383c4da92ebd9d64a3d76b696d4
Instruction ID: a7021b985360c7d106344e9c48b261806b493fa352ecee04b80a63ae0aae519c
Opcode Fuzzy Hash: 99f2fac6f835401b5b2a8059eaa70c239e18d383c4da92ebd9d64a3d76b696d4
Instruction Fuzzy Hash: DA2105B8904324DFC304DF55FD866847BB2FB58315F00A06AE80997370E7B996848FDA

Uniqueness

Uniqueness Score: -1.00%

Function 00411C80 Relevance: 1.5, APIs: 1, Instructions: 8
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00411C80() {

				SetUnhandledExceptionFilter(E00411C10);
				return 0;
			}

0x00411c8a
0x00411c93

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_00011C10), ref: 00411C8A

Memory Dump Source

Source File: 00000000.00000002.254379313.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.254298173.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.254460883.0000000000427000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255654257.000000000060A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255687103.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255765961.0000000000635000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_mzQcZawXvh.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 725cc683a5feb6d52b7d72325b4c8d8bf9e378337467f8ac0abda314484ba784
Instruction ID: 3d2526e74eda86157a82295036fda31cb56e836406d6ed952cb8b4859e4f5d1e
Opcode Fuzzy Hash: 725cc683a5feb6d52b7d72325b4c8d8bf9e378337467f8ac0abda314484ba784
Instruction Fuzzy Hash: 57B012312C424867470033E26D099427B8CD5C47643510471F20DD1020F975949040D9

Uniqueness

Uniqueness Score: -1.00%

Function 022FB0A3 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.256540868.00000000022FB000.00000040.00000800.00020000.00000000.sdmp, Offset: 022FB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22fb000_mzQcZawXvh.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
Instruction ID: dc931bdacffa71626f5a91983fface84e42c49803b017a91bf40ab42e60966b7
Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
Instruction Fuzzy Hash: F21186723501019FD754DF95DC80FA6B3DAFB8D364B198069EE04CB316D675E841CB60

Uniqueness

Uniqueness Score: -1.00%

Function 0041732E Relevance: 96.7, APIs: 32, Strings: 23, Instructions: 431
COMMON

Download Yara Rule

C-Code - Quality: 92%

			E0041732E(struct _OVERLAPPED* __ecx) {
				CHAR* _t147;
				long _t160;
				void* _t164;
				void* _t167;
				void* _t171;
				struct _OVERLAPPED* _t179;
				struct _OVERLAPPED* _t197;
				struct _OVERLAPPED** _t198;
				void* _t208;
				void* _t209;
				void* _t259;
				void* _t260;
				void* _t261;
				void* _t262;
				signed int _t263;
				void* _t265;
				void* _t267;
				void* _t269;
				void* _t271;

				_t210 = __ecx;
				if(InterlockedIncrement(0x60b390) <= 0) {
					if( *((intOrPtr*)(_t263 + 0x18)) != 0) {
						 *(_t263 - 0x5034) = 0;
						 *(_t263 - 0x5038) =  *(L0040EC70(_t210));
						 *(L0040EC70( *(L0040EC70(_t210)))) = 0;
						_t236 = _t263 - 0x5030;
						_t197 = E0041CAD0(_t263 - 0x5030, 0x1000, 0xfeb,  *((intOrPtr*)(_t263 + 0x18)),  *((intOrPtr*)(_t263 + 0x1c)));
						_t265 = _t265 + 0x14;
						 *(_t263 - 0x5034) = _t197;
						if( *(_t263 - 0x5034) < 0) {
							E0040D870( *((intOrPtr*)(L0040EC70(_t236))), 0x16, 0x22, L"(*_errno())", L"_VCrtDbgReportA", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\dbgrptt.c", 0x12d, 0);
							_t265 = _t265 + 0x20;
						}
						_t198 = L0040EC70(_t236);
						_t210 =  *(_t263 - 0x5038);
						 *_t198 =  *(_t263 - 0x5038);
						if( *(_t263 - 0x5034) < 0) {
							E0040DDE0(E0040D960(_t208, _t210, _t261, _t263 - 0x5030, 0x1000, "_CrtDbgReport: String too long or IO Error"), _t199, L"strcpy_s(szUserMessage, 4096, \"_CrtDbgReport: String too long or IO Error\")", L"_VCrtDbgReportA", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\dbgrptt.c", 0x130, 0);
							_t265 = _t265 + 0x24;
						}
					}
					if( *(_t263 + 8) == 2) {
						if( *((intOrPtr*)(_t263 + 0x18)) == 0) {
							 *((intOrPtr*)(_t263 - 0x5068)) = "Assertion failed!";
						} else {
							 *((intOrPtr*)(_t263 - 0x5068)) = "Assertion failed: ";
						}
						_t210 = _t263 - 0x4030;
						E0040DDE0(E0040D960(_t208, _t263 - 0x4030, _t261, _t263 - 0x4030, 0x1000,  *((intOrPtr*)(_t263 - 0x5068))), _t192, L"strcpy_s(szLineMessage, 4096, szFormat ? \"Assertion failed: \" : \"Assertion failed!\")", L"_VCrtDbgReportA", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\dbgrptt.c", 0x135, 0);
						_t265 = _t265 + 0x24;
					}
					E0040DDE0(E0041A2A0(_t208, _t210, _t259, _t261, _t263 - 0x4030, 0x1000, _t263 - 0x5030), _t136, L"strcat_s(szLineMessage, 4096, szUserMessage)", L"_VCrtDbgReportA", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\dbgrptt.c", 0x137, 0);
					_t267 = _t265 + 0x24;
					if( *(_t263 + 8) == 2) {
						_t234 =  *(_t263 + 8);
						if(( *(0x60b394 +  *(_t263 + 8) * 4) & 0x00000001) != 0) {
							E0040DDE0(E0041A2A0(_t208, _t234, _t259, _t261, _t263 - 0x4030, 0x1000, "\r"), _t189, L"strcat_s(szLineMessage, 4096, \"\\r\")", L"_VCrtDbgReportA", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\dbgrptt.c", 0x13c, 0);
							_t267 = _t267 + 0x24;
						}
						_t210 = _t263 - 0x4030;
						E0040DDE0(E0041A2A0(_t208, _t263 - 0x4030, _t259, _t261, _t263 - 0x4030, 0x1000, "\n"), _t186, L"strcat_s(szLineMessage, 4096, \"\\n\")", L"_VCrtDbgReportA", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\dbgrptt.c", 0x13d, 0);
						_t267 = _t267 + 0x24;
					}
					if( *(_t263 + 0xc) == 0) {
						E0040DDE0(E0040D960(_t208, _t263 - 0x4030, _t261, _t263 - 0x3028, 0x1000, _t263 - 0x4030), _t138, L"strcpy_s(szOutMessage, 4096, szLineMessage)", L"_VCrtDbgReportA", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\dbgrptt.c", 0x14b, 0);
						_t269 = _t267 + 0x24;
					} else {
						 *(_t263 - 0x503c) = 0;
						 *(_t263 - 0x5040) =  *(L0040EC70(_t210));
						 *(L0040EC70(_t210)) = 0;
						_push(_t263 - 0x4030);
						_t233 =  *(_t263 + 0x10);
						_push( *(_t263 + 0x10));
						_t179 = E00416AA0( *(_t263 + 0x10), _t263 - 0x3028, 0x1000, 0xfff, "%s(%d) : %s",  *(_t263 + 0xc));
						_t269 = _t267 + 0x1c;
						 *(_t263 - 0x503c) = _t179;
						if( *(_t263 - 0x503c) < 0) {
							E0040D870( *(L0040EC70(_t233)), 0x16, 0x22, L"(*_errno())", L"_VCrtDbgReportA", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\dbgrptt.c", 0x144, 0);
							_t269 = _t269 + 0x20;
						}
						 *(L0040EC70(_t233)) =  *(_t263 - 0x5040);
						if( *(_t263 - 0x503c) < 0) {
							E0040DDE0(E0040D960(_t208, _t233, _t261, _t263 - 0x3028, 0x1000, "_CrtDbgReport: String too long or IO Error"), _t182, L"strcpy_s(szOutMessage, 4096, \"_CrtDbgReport: String too long or IO Error\")", L"_VCrtDbgReportA", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\dbgrptt.c", 0x147, 0);
							_t269 = _t269 + 0x24;
						}
					}
					 *(_t263 - 0x5044) = 0;
					 *(_t263 - 0x5048) = 0;
					_t240 = _t263 - 0x5044;
					 *(_t263 - 0x5048) = E0041D6C0(_t263 - 0x5044, _t263 - 0x2020, 0x1000, _t263 - 0x3028, 0xffffffff);
					E0040D870( *(_t263 - 0x5048), 0x16, 0x22, L"e = mbstowcs_s(&ret, szOutMessage2, 4096, szOutMessage, ((size_t)-1))", L"_VCrtDbgReportA", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\dbgrptt.c", 0x150, 0);
					_t271 = _t269 + 0x34;
					if( *(_t263 - 0x5048) != 0) {
						E0040DDE0(E00418B70(_t208, _t263 - 0x2020, _t259, _t261, _t263 - 0x2020, 0x1000, L"_CrtDbgReport: String too long or Invalid characters in String"), _t173, L"wcscpy_s(szOutMessage2, 4096, L\"_CrtDbgReport: String too long or Invalid characters in String\")", L"_VCrtDbgReportA", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\dbgrptt.c", 0x152, 0);
						_t271 = _t271 + 0x24;
					}
					if( *0x6333fc != 0 ||  *0x6333f8 != 0) {
						 *(_t263 - 0x5050) = 0;
						 *(_t263 - 0x504c) = 0;
						L0040E140(0xf);
						_t271 = _t271 + 4;
						 *(_t263 - 4) = 1;
						_t240 =  *0x6333fc;
						 *(_t263 - 0x5050) =  *0x6333fc;
						while( *(_t263 - 0x5050) != 0) {
							 *(_t263 - 0x5054) = 0;
							_t240 =  *(_t263 - 0x5050);
							_t171 =  *(( *(_t263 - 0x5050))[0xc])( *(_t263 + 8), _t263 - 0x3028, _t263 - 0x5054);
							_t271 = _t271 + 0xc;
							if(_t171 == 0) {
								 *(_t263 - 0x5050) = ( *(_t263 - 0x5050))[4];
								continue;
							}
							 *(_t263 - 0x302c) = 1;
							 *(_t263 - 0x2024) =  *(_t263 - 0x5054);
							break;
						}
						if( *(_t263 - 0x302c) != 0) {
							L43:
							 *(_t263 - 4) = 0;
							E004178C5();
							goto L44;
						}
						_t240 =  *0x6333f8;
						 *(_t263 - 0x504c) =  *0x6333f8;
						while( *(_t263 - 0x504c) != 0) {
							 *(_t263 - 0x5058) = 0;
							_t240 =  *(_t263 - 0x504c);
							_t167 =  *(( *(_t263 - 0x504c))[0xc])( *(_t263 + 8), _t263 - 0x2020, _t263 - 0x5058);
							_t271 = _t271 + 0xc;
							if(_t167 == 0) {
								 *(_t263 - 0x504c) = ( *(_t263 - 0x504c))[4];
								continue;
							}
							 *(_t263 - 0x302c) = 1;
							 *(_t263 - 0x2024) =  *(_t263 - 0x5058);
							goto L43;
						}
						goto L43;
					} else {
						L44:
						if( *(_t263 - 0x302c) == 0) {
							if( *0x6333f4 != 0) {
								 *(_t263 - 0x505c) = 0;
								_t240 = _t263 - 0x505c;
								_t164 =  *0x6333f4( *(_t263 + 8), _t263 - 0x3028, _t263 - 0x505c);
								_t271 = _t271 + 0xc;
								if(_t164 != 0) {
									 *(_t263 - 0x302c) = 1;
									_t240 =  *(_t263 - 0x505c);
									 *(_t263 - 0x2024) =  *(_t263 - 0x505c);
								}
							}
							if( *(_t263 - 0x302c) == 0) {
								if(( *(0x60b394 +  *(_t263 + 8) * 4) & 0x00000001) != 0 &&  *(0x60b3a0 +  *(_t263 + 8) * 4) != 0xffffffff) {
									_t160 = E0040DC40(_t263 - 0x3028);
									_t271 = _t271 + 4;
									WriteFile( *(0x60b3a0 +  *(_t263 + 8) * 4), _t263 - 0x3028, _t160, _t263 - 0x5060, 0);
								}
								if(( *(0x60b394 +  *(_t263 + 8) * 4) & 0x00000002) != 0) {
									OutputDebugStringA(_t263 - 0x3028);
								}
								_t240 =  *(_t263 + 8);
								if(( *(0x60b394 +  *(_t263 + 8) * 4) & 0x00000004) != 0) {
									 *(_t263 - 0x4030) = 0;
									if( *(_t263 + 0x10) != 0) {
										E0040DDE0(E0041D6F0(_t263 - 0x4030,  *(_t263 + 0x10), _t263 - 0x4030, 0x1000, 0xa), _t157, L"_itoa_s(nLine, szLineMessage, 4096, 10)", L"_VCrtDbgReportA", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\dbgrptt.c", 0x1a2, 0);
										_t271 = _t271 + 0x28;
									}
									asm("sbb edx, edx");
									_t240 =  *(_t263 + 8);
									 *(_t263 - 0x2024) = L00413000(_t208,  *(_t263 + 8), _t259, _t261,  *(_t263 + 8),  *(_t263 + 0xc),  ~( *(_t263 + 0x10)) & _t263 - 0x00004030,  *((intOrPtr*)(_t263 + 0x14)), _t263 - 0x5030);
								}
							}
						}
						L58:
						 *(_t263 - 4) = 0xfffffffe;
						E00417A2F();
						_t147 =  *(_t263 - 0x2024);
						 *[fs:0x0] =  *((intOrPtr*)(_t263 - 0x10));
						_pop(_t260);
						_pop(_t262);
						_pop(_t209);
						return E00416CA0(_t147, _t209,  *(_t263 - 0x1c) ^ _t263, _t240, _t260, _t262);
					}
				}
				E0040DDE0(E0041D6F0(_t210,  *(_t263 + 0x10), _t263 - 0x4030, 0x1000, 0xa), _t204, L"_itoa_s(nLine, szLineMessage, 4096, 10)", L"_VCrtDbgReportA", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\dbgrptt.c", 0x119, 0);
				OutputDebugStringA("Second Chance Assertion Failed: File ");
				if( *(_t263 + 0xc) == 0) {
					 *(_t263 - 0x5064) = "<file unknown>";
				} else {
					 *(_t263 - 0x5064) =  *(_t263 + 0xc);
				}
				_t240 =  *(_t263 - 0x5064);
				OutputDebugStringA( *(_t263 - 0x5064));
				OutputDebugStringA(", Line ");
				OutputDebugStringA(_t263 - 0x4030);
				OutputDebugStringA("\n");
				E00417230(_t263 - 0x4030);
				 *(_t263 - 0x2024) = 0xffffffff;
				goto L58;
			}

0x0041732e
0x0041733b
0x004173e8
0x004173ee
0x004173ff
0x0041740a
0x00417422
0x00417429
0x0041742e
0x00417431
0x0041743e
0x00417462
0x00417467
0x00417467
0x0041746a
0x0041746f
0x00417475
0x0041747e
0x004174b0
0x004174b5
0x004174b5
0x0041747e
0x004174bc
0x004174c2
0x004174d0
0x004174c4
0x004174c4
0x004174c4
0x004174fc
0x0041750c
0x00417511
0x00417511
0x00417546
0x0041754b
0x00417552
0x00417554
0x00417561
0x00417593
0x00417598
0x00417598
0x004175bb
0x004175cb
0x004175d0
0x004175d0
0x004175d7
0x004176e7
0x004176ec
0x004175dd
0x004175dd
0x004175ee
0x004175f9
0x00417605
0x00417606
0x00417609
0x00417624
0x00417629
0x0041762c
0x00417639
0x0041765d
0x00417662
0x00417662
0x00417670
0x00417679
0x004176ab
0x004176b0
0x004176b0
0x004176b3
0x004176ef
0x004176f9
0x00417718
0x00417727
0x0041774e
0x00417753
0x0041775d
0x0041778f
0x00417794
0x00417794
0x0041779e
0x004177ad
0x004177b7
0x004177c3
0x004177c8
0x004177cb
0x004177d2
0x004177d8
0x004177ef
0x004177f8
0x00417814
0x0041781d
0x0041781f
0x00417824
0x004177e9
0x00000000
0x004177e9
0x00417826
0x00417836
0x00000000
0x00417836
0x00417847
0x004178b7
0x004178b7
0x004178be
0x00000000
0x004178be
0x00417849
0x0041784f
0x00417866
0x0041786f
0x0041788b
0x00417894
0x00417896
0x0041789b
0x00417860
0x00000000
0x00417860
0x0041789d
0x004178ad
0x00000000
0x004178ad
0x00000000
0x004178d0
0x004178d0
0x004178d7
0x004178e4
0x004178e6
0x004178f0
0x00417902
0x00417908
0x0041790d
0x0041790f
0x00417919
0x0041791f
0x0041791f
0x0041790d
0x0041792c
0x0041793f
0x0041795e
0x00417963
0x00417979
0x00417979
0x0041798c
0x00417995
0x00417995
0x0041799b
0x004179a8
0x004179aa
0x004179b5
0x004179e8
0x004179ed
0x004179ed
0x00417a00
0x00417a0f
0x00417a1b
0x00417a1b
0x004179a8
0x0041792c
0x00417a21
0x00417a21
0x00417a28
0x00417a41
0x00417a4a
0x00417a52
0x00417a53
0x00417a54
0x00417a62
0x00417a62
0x0041779e
0x00417372
0x0041737f
0x00417389
0x00417396
0x0041738b
0x0041738e
0x0041738e
0x004173a0
0x004173a7
0x004173b2
0x004173bf
0x004173ca
0x004173d0
0x004173d5
0x00000000

APIs

InterlockedIncrement.KERNEL32(0060B390), ref: 00417333
__itow_s.LIBCMTD ref: 00417369
__invoke_watson_if_error.LIBCMTD ref: 00417372
OutputDebugStringA.KERNEL32(Second Chance Assertion Failed: File ), ref: 0041737F
OutputDebugStringA.KERNEL32(?), ref: 004173A7
OutputDebugStringA.KERNEL32(, Line ), ref: 004173B2
OutputDebugStringA.KERNEL32(?), ref: 004173BF
OutputDebugStringA.KERNEL32(004018B8), ref: 004173CA
__strftime_l.LIBCMTD ref: 00417429
__invoke_watson_if_oneof.LIBCMTD ref: 00417462
_wcscpy_s.LIBCMTD ref: 004174A7
__invoke_watson_if_error.LIBCMTD ref: 004174B0
_wcscpy_s.LIBCMTD ref: 00417503
__invoke_watson_if_error.LIBCMTD ref: 0041750C
__invoke_watson_if_error.LIBCMTD ref: 00417546
__invoke_watson_if_error.LIBCMTD ref: 00417593

Part of subcall function 0040DDE0: __invoke_watson.LIBCMTD ref: 0040DE01

_wcscat_s.LIBCMTD ref: 0041758A

Part of subcall function 0041A2A0: __invalid_parameter.LIBCMTD ref: 0041A312

_wcscat_s.LIBCMTD ref: 004175C2

Part of subcall function 0041A2A0: _memset.LIBCMT ref: 0041A37B
Part of subcall function 0041A2A0: __invalid_parameter.LIBCMTD ref: 0041A3D7

__invoke_watson_if_error.LIBCMTD ref: 004175CB
__snwprintf_s.LIBCMTD ref: 00417624

Part of subcall function 00416AA0: __vsnprintf_s_l.LIBCMTD ref: 00416AC2

__invoke_watson_if_oneof.LIBCMTD ref: 0041765D
_wcscpy_s.LIBCMTD ref: 004176A2
__invoke_watson_if_error.LIBCMTD ref: 004176AB
__cftoe.LIBCMTD ref: 0041771F
__invoke_watson_if_oneof.LIBCMTD ref: 0041774E
_wcscpy_s.LIBCMTD ref: 00417786
__invoke_watson_if_error.LIBCMTD ref: 0041778F

Strings

P^-, xrefs: 0041753C
(*_errno()), xrefs: 00417451, 0041764C
_itoa_s(nLine, szLineMessage, 4096, 10), xrefs: 00417352, 004179C8
t9j, xrefs: 004179B5
t8j, xrefs: 0041775D
strcpy_s(szLineMessage, 4096, szFormat ? "Assertion failed: " : "Assertion failed!"), xrefs: 004174EB
Second Chance Assertion Failed: File , xrefs: 0041737A
%s(%d) : %s, xrefs: 0041760E
Assertion failed!, xrefs: 004174D0
e = mbstowcs_s(&ret, szOutMessage2, 4096, szOutMessage, ((size_t)-1)), xrefs: 0041773E
_CrtDbgReport: String too long or Invalid characters in String, xrefs: 00417775
strcat_s(szLineMessage, 4096, "\n"), xrefs: 004175AC
strcat_s(szLineMessage, 4096, "\r"), xrefs: 00417574
, Line , xrefs: 004173AD
strcpy_s(szOutMessage, 4096, "_CrtDbgReport: String too long or IO Error"), xrefs: 0041768C
<file unknown>, xrefs: 00417396
_VCrtDbgReportA, xrefs: 0041734D, 0041744C, 0041748C, 004174E6, 00417520, 0041756F, 004175A7, 00417647, 00417687, 00417739, 0041776B, 004179C3
f:\dd\vctools\crt_bld\self_x86\crt\src\dbgrptt.c, xrefs: 00417348, 00417447, 00417487, 004174E1, 0041751B, 0041756A, 004175A2, 00417642, 00417682, 00417734, 00417766, 004179BE
wcscpy_s(szOutMessage2, 4096, L"_CrtDbgReport: String too long or Invalid characters in String"), xrefs: 00417770
strcpy_s(szUserMessage, 4096, "_CrtDbgReport: String too long or IO Error"), xrefs: 00417491
_CrtDbgReport: String too long or IO Error, xrefs: 00417496, 00417691
strcat_s(szLineMessage, 4096, szUserMessage), xrefs: 00417525
Assertion failed: , xrefs: 004174C4

Memory Dump Source

Source File: 00000000.00000002.254379313.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.254298173.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.254460883.0000000000427000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255654257.000000000060A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255687103.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255765961.0000000000635000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_mzQcZawXvh.jbxd

Similarity

API ID: __invoke_watson_if_error$DebugOutputString$_wcscpy_s$__invoke_watson_if_oneof$__invalid_parameter_wcscat_s$IncrementInterlocked__cftoe__invoke_watson__itow_s__snwprintf_s__strftime_l__vsnprintf_s_l_memset
String ID: %s(%d) : %s$(*_errno())$, Line $<file unknown>$Assertion failed!$Assertion failed: $P^-$Second Chance Assertion Failed: File $_CrtDbgReport: String too long or IO Error$_CrtDbgReport: String too long or Invalid characters in String$_VCrtDbgReportA$_itoa_s(nLine, szLineMessage, 4096, 10)$e = mbstowcs_s(&ret, szOutMessage2, 4096, szOutMessage, ((size_t)-1))$f:\dd\vctools\crt_bld\self_x86\crt\src\dbgrptt.c$strcat_s(szLineMessage, 4096, "\n")$strcat_s(szLineMessage, 4096, "\r")$strcat_s(szLineMessage, 4096, szUserMessage)$strcpy_s(szLineMessage, 4096, szFormat ? "Assertion failed: " : "Assertion failed!")$strcpy_s(szOutMessage, 4096, "_CrtDbgReport: String too long or IO Error")$strcpy_s(szUserMessage, 4096, "_CrtDbgReport: String too long or IO Error")$t8j$t9j$wcscpy_s(szOutMessage2, 4096, L"_CrtDbgReport: String too long or Invalid characters in String")
API String ID: 838256046-3027732266
Opcode ID: 2fc64eadacb16a5661d672192a48589888ac05becb44e9ce8aae8d384ce43c27
Instruction ID: a1556ff1c1dce867f7dbfd301839569e69022267772831db7a138e70fd8ffe22
Opcode Fuzzy Hash: 2fc64eadacb16a5661d672192a48589888ac05becb44e9ce8aae8d384ce43c27
Instruction Fuzzy Hash: BA0285B0E44714ABEB24EF51CC4AFDF7374AB04745F5040AAB608762C1D7B89A84CF99

Uniqueness

Uniqueness Score: -1.00%

Function 00421FF9 Relevance: 35.4, APIs: 15, Strings: 5, Instructions: 368
COMMON

Download Yara Rule

C-Code - Quality: 64%

			E00421FF9(void* __ebx, signed int __edx, void* __edi, void* __esi) {
				signed int _t496;
				signed int _t518;
				void* _t523;
				signed int _t525;
				void* _t545;
				signed int _t563;
				signed int _t580;
				signed short _t581;
				signed int _t584;
				signed int _t587;
				signed int _t588;
				void* _t589;
				signed int _t611;
				signed int _t647;
				signed int _t649;
				signed int _t651;
				signed int _t658;
				signed int _t698;
				void* _t699;
				void* _t700;
				signed int _t701;
				void* _t703;
				void* _t704;
				signed int _t712;

				L0:
				while(1) {
					L0:
					_t700 = __esi;
					_t699 = __edi;
					_t647 = __edx;
					_t589 = __ebx;
					 *(_t701 - 0x10) =  *(_t701 - 0x10) | 0x00000040;
					 *(_t701 - 8) = 0xa;
					L153:
					while(1) {
						L153:
						while(1) {
							L153:
							while(1) {
								L153:
								if(( *(_t701 - 0x10) & 0x00008000) == 0) {
									_t649 =  *(_t701 - 0x10) & 0x00001000;
									if(_t649 == 0) {
										if(( *(_t701 - 0x10) & 0x00000020) == 0) {
											_t651 =  *(_t701 - 0x10) & 0x00000040;
											if(_t651 == 0) {
												_t496 = E0041C290(_t701 + 0x14);
												_t704 = _t703 + 4;
												 *(_t701 - 0x2b8) = _t496;
												 *(_t701 - 0x2b4) = 0;
											} else {
												_t580 = E0041C290(_t701 + 0x14);
												_t704 = _t703 + 4;
												asm("cdq");
												 *(_t701 - 0x2b8) = _t580;
												 *(_t701 - 0x2b4) = _t651;
											}
										} else {
											_t698 =  *(_t701 - 0x10) & 0x00000040;
											if(_t698 == 0) {
												_t581 = E0041C290(_t701 + 0x14);
												_t704 = _t703 + 4;
												asm("cdq");
												 *(_t701 - 0x2b8) = _t581 & 0x0000ffff;
												 *(_t701 - 0x2b4) = _t698;
											} else {
												_t584 = E0041C290(_t701 + 0x14);
												_t704 = _t703 + 4;
												asm("cdq");
												 *(_t701 - 0x2b8) = _t584;
												 *(_t701 - 0x2b4) = _t698;
											}
										}
									} else {
										_t587 = E0041C2B0(_t701 + 0x14);
										_t704 = _t703 + 4;
										 *(_t701 - 0x2b8) = _t587;
										 *(_t701 - 0x2b4) = _t649;
									}
								} else {
									_t588 = E0041C2B0(_t701 + 0x14);
									_t704 = _t703 + 4;
									 *(_t701 - 0x2b8) = _t588;
									 *(_t701 - 0x2b4) = _t647;
								}
								if(( *(_t701 - 0x10) & 0x00000040) == 0) {
									L170:
									 *(_t701 - 0x2c0) =  *(_t701 - 0x2b8);
									 *(_t701 - 0x2bc) =  *(_t701 - 0x2b4);
									goto L171;
								} else {
									L166:
									_t712 =  *(_t701 - 0x2b4);
									if(_t712 > 0 || _t712 >= 0 &&  *(_t701 - 0x2b8) >= 0) {
										goto L170;
									} else {
										L169:
										asm("adc edx, 0x0");
										 *(_t701 - 0x2c0) =  ~( *(_t701 - 0x2b8));
										 *(_t701 - 0x2bc) =  ~( *(_t701 - 0x2b4));
										 *(_t701 - 0x10) =  *(_t701 - 0x10) | 0x00000100;
										L171:
										if(( *(_t701 - 0x10) & 0x00008000) == 0 && ( *(_t701 - 0x10) & 0x00001000) == 0) {
											 *(_t701 - 0x2bc) =  *(_t701 - 0x2bc) & 0x00000000;
										}
										if( *(_t701 - 0x30) >= 0) {
											 *(_t701 - 0x10) =  *(_t701 - 0x10) & 0xfffffff7;
											if( *(_t701 - 0x30) > 0x200) {
												 *(_t701 - 0x30) = 0x200;
											}
										} else {
											 *(_t701 - 0x30) = 1;
										}
										if(( *(_t701 - 0x2c0) |  *(_t701 - 0x2bc)) == 0) {
											 *(_t701 - 0x1c) = 0;
										}
										 *((intOrPtr*)(_t701 - 4)) = _t701 - 0x49;
										while(1) {
											L181:
											_t657 =  *(_t701 - 0x30) - 1;
											 *(_t701 - 0x30) =  *(_t701 - 0x30) - 1;
											if( *(_t701 - 0x30) <= 0 && ( *(_t701 - 0x2c0) |  *(_t701 - 0x2bc)) == 0) {
												break;
											}
											L183:
											asm("cdq");
											_t658 =  *(_t701 - 0x2c0);
											 *((intOrPtr*)(_t701 - 0x2ac)) = E0041CE40(_t658,  *(_t701 - 0x2bc),  *(_t701 - 8), _t657) + 0x30;
											asm("cdq");
											 *(_t701 - 0x2c0) = E0041CDD0( *(_t701 - 0x2c0),  *(_t701 - 0x2bc),  *(_t701 - 8), _t658);
											 *(_t701 - 0x2bc) = _t658;
											if( *((intOrPtr*)(_t701 - 0x2ac)) > 0x39) {
												 *((intOrPtr*)(_t701 - 0x2ac)) =  *((intOrPtr*)(_t701 - 0x2ac)) +  *((intOrPtr*)(_t701 - 0x260));
											}
											 *((char*)( *((intOrPtr*)(_t701 - 4)))) =  *((intOrPtr*)(_t701 - 0x2ac));
											 *((intOrPtr*)(_t701 - 4)) =  *((intOrPtr*)(_t701 - 4)) - 1;
										}
										L186:
										 *((intOrPtr*)(_t701 - 0x24)) = _t701 - 0x49 -  *((intOrPtr*)(_t701 - 4));
										 *((intOrPtr*)(_t701 - 4)) =  *((intOrPtr*)(_t701 - 4)) + 1;
										if(( *(_t701 - 0x10) & 0x00000200) != 0 && ( *((intOrPtr*)(_t701 - 0x24)) == 0 ||  *((char*)( *((intOrPtr*)(_t701 - 4)))) != 0x30)) {
											 *((intOrPtr*)(_t701 - 4)) =  *((intOrPtr*)(_t701 - 4)) - 1;
											 *((char*)( *((intOrPtr*)(_t701 - 4)))) = 0x30;
											 *((intOrPtr*)(_t701 - 0x24)) =  *((intOrPtr*)(_t701 - 0x24)) + 1;
										}
										L190:
										while(1) {
											L190:
											while(1) {
												L190:
												while(1) {
													L190:
													while(1) {
														L190:
														while(1) {
															L190:
															while(1) {
																L190:
																while(1) {
																	do {
																		L190:
																		if( *((intOrPtr*)(_t701 - 0x28)) != 0) {
																			L216:
																			if( *(_t701 - 0x20) != 0) {
																				L0040C240( *(_t701 - 0x20), 2);
																				_t704 = _t704 + 8;
																				 *(_t701 - 0x20) = 0;
																			}
																			while(1) {
																				L218:
																				 *(_t701 - 0x251) =  *( *(_t701 + 0xc));
																				_t665 =  *(_t701 - 0x251);
																				 *(_t701 + 0xc) =  *(_t701 + 0xc) + 1;
																				if( *(_t701 - 0x251) == 0 ||  *(_t701 - 0x24c) < 0) {
																					break;
																				} else {
																					if( *(_t701 - 0x251) < 0x20 ||  *(_t701 - 0x251) > 0x78) {
																						 *(_t701 - 0x310) = 0;
																					} else {
																						 *(_t701 - 0x310) =  *( *(_t701 - 0x251) + L"pecifier\", 0)") & 0xf;
																					}
																				}
																				L7:
																				 *(_t701 - 0x250) =  *(_t701 - 0x310);
																				_t525 =  *(_t701 - 0x250) * 9;
																				_t611 =  *(_t701 - 0x25c);
																				_t665 = ( *(_t525 + _t611 + 0x4083d0) & 0x000000ff) >> 4;
																				 *(_t701 - 0x25c) = ( *(_t525 + _t611 + 0x4083d0) & 0x000000ff) >> 4;
																				if( *(_t701 - 0x25c) != 8) {
																					L16:
																					 *(_t701 - 0x318) =  *(_t701 - 0x25c);
																					if( *(_t701 - 0x318) > 7) {
																						continue;
																					}
																					L17:
																					switch( *((intOrPtr*)( *(_t701 - 0x318) * 4 +  &M004225E0))) {
																						case 0:
																							L18:
																							 *(_t701 - 0xc) = 0;
																							_t528 = E00419390( *(_t701 - 0x251) & 0x000000ff, E0040D3B0(_t701 - 0x40));
																							_t707 = _t704 + 8;
																							if(_t528 == 0) {
																								L24:
																								E004226F0( *(_t701 - 0x251) & 0x000000ff,  *(_t701 - 0x251) & 0x000000ff,  *((intOrPtr*)(_t701 + 8)), _t701 - 0x24c);
																								_t704 = _t707 + 0xc;
																								goto L218;
																							} else {
																								E004226F0( *((intOrPtr*)(_t701 + 8)),  *(_t701 - 0x251) & 0x000000ff,  *((intOrPtr*)(_t701 + 8)), _t701 - 0x24c);
																								_t707 = _t707 + 0xc;
																								_t616 =  *( *(_t701 + 0xc));
																								 *(_t701 - 0x251) =  *( *(_t701 + 0xc));
																								_t665 =  *(_t701 + 0xc) + 1;
																								 *(_t701 + 0xc) = _t665;
																								asm("sbb eax, eax");
																								 *(_t701 - 0x27c) =  ~( ~( *(_t701 - 0x251)));
																								if(_t665 == 0) {
																									_push(L"(ch != _T(\'\\0\'))");
																									_push(0);
																									_push(0x486);
																									_push(L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c");
																									_push(2);
																									_t540 = L0040E1A0();
																									_t707 = _t707 + 0x14;
																									if(_t540 == 1) {
																										asm("int3");
																									}
																								}
																								L22:
																								if( *(_t701 - 0x27c) != 0) {
																									goto L24;
																								} else {
																									 *((intOrPtr*)(L0040EC70(_t616))) = 0x16;
																									E00411A50(_t589, _t616, _t699, _t700, L"(ch != _T(\'\\0\'))", L"_output_s_l", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c", 0x486, 0);
																									 *(_t701 - 0x2f4) = 0xffffffff;
																									E0040D380(_t701 - 0x40);
																									_t518 =  *(_t701 - 0x2f4);
																									goto L229;
																								}
																							}
																						case 1:
																							L25:
																							 *(__ebp - 0x2c) = 0;
																							__edx =  *(__ebp - 0x2c);
																							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
																							__eax =  *(__ebp - 0x28);
																							 *(__ebp - 0x18) =  *(__ebp - 0x28);
																							__ecx =  *(__ebp - 0x18);
																							 *(__ebp - 0x1c) = __ecx;
																							 *(__ebp - 0x10) = 0;
																							 *(__ebp - 0x30) = 0xffffffff;
																							 *(__ebp - 0xc) = 0;
																							goto L218;
																						case 2:
																							L26:
																							__edx =  *((char*)(__ebp - 0x251));
																							 *(__ebp - 0x31c) =  *((char*)(__ebp - 0x251));
																							 *(__ebp - 0x31c) =  *(__ebp - 0x31c) - 0x20;
																							 *(__ebp - 0x31c) =  *(__ebp - 0x31c) - 0x20;
																							if( *(__ebp - 0x31c) > 0x10) {
																								goto L33;
																							}
																							L27:
																							__ecx =  *(__ebp - 0x31c);
																							_t74 = __ecx + 0x422618; // 0x498d04
																							__edx =  *_t74 & 0x000000ff;
																							switch( *((intOrPtr*)(( *_t74 & 0x000000ff) * 4 +  &M00422600))) {
																								case 0:
																									goto L30;
																								case 1:
																									goto L31;
																								case 2:
																									goto L29;
																								case 3:
																									goto L28;
																								case 4:
																									goto L32;
																								case 5:
																									goto L33;
																							}
																						case 3:
																							L34:
																							__edx =  *((char*)(__ebp - 0x251));
																							if( *((char*)(__ebp - 0x251)) != 0x2a) {
																								__eax =  *(__ebp - 0x18);
																								__eax =  *(__ebp - 0x18) * 0xa;
																								__ecx =  *((char*)(__ebp - 0x251));
																								_t98 = __ecx - 0x30; // -48
																								__edx = __eax + _t98;
																								 *(__ebp - 0x18) = __eax + _t98;
																							} else {
																								__eax = __ebp + 0x14;
																								 *(__ebp - 0x18) = E0041C290(__ebp + 0x14);
																								if( *(__ebp - 0x18) < 0) {
																									__ecx =  *(__ebp - 0x10);
																									__ecx =  *(__ebp - 0x10) | 0x00000004;
																									 *(__ebp - 0x10) = __ecx;
																									 *(__ebp - 0x18) =  ~( *(__ebp - 0x18));
																									 *(__ebp - 0x18) =  ~( *(__ebp - 0x18));
																								}
																							}
																							goto L218;
																						case 4:
																							L40:
																							 *(__ebp - 0x30) = 0;
																							goto L218;
																						case 5:
																							L41:
																							__eax =  *((char*)(__ebp - 0x251));
																							if( *((char*)(__ebp - 0x251)) != 0x2a) {
																								 *(__ebp - 0x30) =  *(__ebp - 0x30) * 0xa;
																								_t109 =  *((char*)(__ebp - 0x251)) - 0x30; // -48
																								__ecx =  *(__ebp - 0x30) * 0xa + _t109;
																								 *(__ebp - 0x30) = __ecx;
																							} else {
																								__ecx = __ebp + 0x14;
																								 *(__ebp - 0x30) = E0041C290(__ebp + 0x14);
																								if( *(__ebp - 0x30) < 0) {
																									 *(__ebp - 0x30) = 0xffffffff;
																								}
																							}
																							goto L218;
																						case 6:
																							L47:
																							__edx =  *((char*)(__ebp - 0x251));
																							 *(__ebp - 0x320) =  *((char*)(__ebp - 0x251));
																							 *(__ebp - 0x320) =  *(__ebp - 0x320) - 0x49;
																							 *(__ebp - 0x320) =  *(__ebp - 0x320) - 0x49;
																							if( *(__ebp - 0x320) > 0x2e) {
																								L70:
																								goto L218;
																							}
																							L48:
																							__ecx =  *(__ebp - 0x320);
																							_t117 = __ecx + 0x422640; // 0x1e4e9003
																							__edx =  *_t117 & 0x000000ff;
																							switch( *((intOrPtr*)(( *_t117 & 0x000000ff) * 4 +  &M0042262C))) {
																								case 0:
																									L53:
																									__edx =  *(__ebp + 0xc);
																									__eax =  *( *(__ebp + 0xc));
																									if( *( *(__ebp + 0xc)) != 0x36) {
																										L56:
																										__edx =  *(__ebp + 0xc);
																										__eax =  *( *(__ebp + 0xc));
																										if( *( *(__ebp + 0xc)) != 0x33) {
																											L59:
																											__edx =  *(__ebp + 0xc);
																											__eax =  *( *(__ebp + 0xc));
																											if( *( *(__ebp + 0xc)) == 0x64) {
																												L65:
																												L67:
																												goto L70;
																											}
																											L60:
																											__ecx =  *(__ebp + 0xc);
																											__edx =  *__ecx;
																											if( *__ecx == 0x69) {
																												goto L65;
																											}
																											L61:
																											__eax =  *(__ebp + 0xc);
																											__ecx =  *( *(__ebp + 0xc));
																											if(__ecx == 0x6f) {
																												goto L65;
																											}
																											L62:
																											__edx =  *(__ebp + 0xc);
																											__eax =  *( *(__ebp + 0xc));
																											if( *( *(__ebp + 0xc)) == 0x75) {
																												goto L65;
																											}
																											L63:
																											__ecx =  *(__ebp + 0xc);
																											__edx =  *__ecx;
																											if( *__ecx == 0x78) {
																												goto L65;
																											}
																											L64:
																											__eax =  *(__ebp + 0xc);
																											__ecx =  *( *(__ebp + 0xc));
																											if(__ecx != 0x58) {
																												L66:
																												 *(__ebp - 0x25c) = 0;
																												goto L18;
																											}
																											goto L65;
																										}
																										L57:
																										__ecx =  *(__ebp + 0xc);
																										__edx =  *((char*)(__ecx + 1));
																										if( *((char*)(__ecx + 1)) != 0x32) {
																											goto L59;
																										}
																										L58:
																										 *(__ebp + 0xc) =  *(__ebp + 0xc) + 2;
																										 *(__ebp + 0xc) =  *(__ebp + 0xc) + 2;
																										__ecx =  *(__ebp - 0x10);
																										__ecx =  *(__ebp - 0x10) & 0xffff7fff;
																										 *(__ebp - 0x10) = __ecx;
																										goto L67;
																									}
																									L54:
																									__ecx =  *(__ebp + 0xc);
																									__edx =  *((char*)(__ecx + 1));
																									if( *((char*)(__ecx + 1)) != 0x34) {
																										goto L56;
																									}
																									L55:
																									 *(__ebp + 0xc) =  *(__ebp + 0xc) + 2;
																									 *(__ebp + 0xc) =  *(__ebp + 0xc) + 2;
																									__ecx =  *(__ebp - 0x10);
																									__ecx =  *(__ebp - 0x10) | 0x00008000;
																									 *(__ebp - 0x10) = __ecx;
																									goto L67;
																								case 1:
																									L68:
																									 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000020;
																									 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000020;
																									goto L70;
																								case 2:
																									L49:
																									__eax =  *(__ebp + 0xc);
																									__ecx =  *( *(__ebp + 0xc));
																									if(__ecx != 0x6c) {
																										__ecx =  *(__ebp - 0x10);
																										__ecx =  *(__ebp - 0x10) | 0x00000010;
																										 *(__ebp - 0x10) = __ecx;
																									} else {
																										 *(__ebp + 0xc) =  *(__ebp + 0xc) + 1;
																										 *(__ebp + 0xc) =  *(__ebp + 0xc) + 1;
																										 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00001000;
																										 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00001000;
																									}
																									goto L70;
																								case 3:
																									L69:
																									 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000800;
																									 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000800;
																									goto L70;
																								case 4:
																									goto L70;
																							}
																						case 7:
																							goto L71;
																						case 8:
																							L30:
																							 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000002;
																							 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000002;
																							goto L33;
																						case 9:
																							L31:
																							 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000080;
																							 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000080;
																							goto L33;
																						case 0xa:
																							L29:
																							__ecx =  *(__ebp - 0x10);
																							__ecx =  *(__ebp - 0x10) | 0x00000001;
																							 *(__ebp - 0x10) = __ecx;
																							goto L33;
																						case 0xb:
																							L28:
																							 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000004;
																							 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000004;
																							goto L33;
																						case 0xc:
																							L32:
																							__ecx =  *(__ebp - 0x10);
																							__ecx =  *(__ebp - 0x10) | 0x00000008;
																							 *(__ebp - 0x10) = __ecx;
																							goto L33;
																						case 0xd:
																							L33:
																							goto L218;
																					}
																				} else {
																					if(0 == 0) {
																						 *(_t701 - 0x314) = 0;
																					} else {
																						 *(_t701 - 0x314) = 1;
																					}
																					_t618 =  *(_t701 - 0x314);
																					 *(_t701 - 0x278) =  *(_t701 - 0x314);
																					if( *(_t701 - 0x278) == 0) {
																						_push(L"(\"Incorrect format specifier\", 0)");
																						_push(0);
																						_push(0x460);
																						_push(L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c");
																						_push(2);
																						_t545 = L0040E1A0();
																						_t704 = _t704 + 0x14;
																						if(_t545 == 1) {
																							asm("int3");
																						}
																					}
																					L14:
																					if( *(_t701 - 0x278) != 0) {
																						goto L16;
																					} else {
																						 *((intOrPtr*)(L0040EC70(_t618))) = 0x16;
																						E00411A50(_t589, _t618, _t699, _t700, L"(\"Incorrect format specifier\", 0)", L"_output_s_l", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c", 0x460, 0);
																						 *(_t701 - 0x2f0) = 0xffffffff;
																						E0040D380(_t701 - 0x40);
																						_t518 =  *(_t701 - 0x2f0);
																						L229:
																						return E00416CA0(_t518, _t589,  *(_t701 - 0x48) ^ _t701, _t665, _t699, _t700);
																					}
																				}
																			}
																			L219:
																			if( *(_t701 - 0x25c) == 0 ||  *(_t701 - 0x25c) == 7) {
																				 *(_t701 - 0x334) = 1;
																			} else {
																				 *(_t701 - 0x334) = 0;
																			}
																			_t605 =  *(_t701 - 0x334);
																			 *(_t701 - 0x2e0) =  *(_t701 - 0x334);
																			if( *(_t701 - 0x2e0) == 0) {
																				_push(L"((state == ST_NORMAL) || (state == ST_TYPE))");
																				_push(0);
																				_push(0x8f5);
																				_push(L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c");
																				_push(2);
																				_t523 = L0040E1A0();
																				_t704 = _t704 + 0x14;
																				if(_t523 == 1) {
																					asm("int3");
																				}
																			}
																			if( *(_t701 - 0x2e0) != 0) {
																				 *(_t701 - 0x300) =  *(_t701 - 0x24c);
																				E0040D380(_t701 - 0x40);
																				_t518 =  *(_t701 - 0x300);
																			} else {
																				 *((intOrPtr*)(L0040EC70(_t605))) = 0x16;
																				E00411A50(_t589, _t605, _t699, _t700, L"((state == ST_NORMAL) || (state == ST_TYPE))", L"_output_s_l", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c", 0x8f5, 0);
																				 *(_t701 - 0x2fc) = 0xffffffff;
																				E0040D380(_t701 - 0x40);
																				_t518 =  *(_t701 - 0x2fc);
																			}
																			goto L229;
																		}
																		L191:
																		if(( *(_t701 - 0x10) & 0x00000040) != 0) {
																			if(( *(_t701 - 0x10) & 0x00000100) == 0) {
																				if(( *(_t701 - 0x10) & 0x00000001) == 0) {
																					if(( *(_t701 - 0x10) & 0x00000002) != 0) {
																						 *((char*)(_t701 - 0x14)) = 0x20;
																						 *(_t701 - 0x1c) = 1;
																					}
																				} else {
																					 *((char*)(_t701 - 0x14)) = 0x2b;
																					 *(_t701 - 0x1c) = 1;
																				}
																			} else {
																				 *((char*)(_t701 - 0x14)) = 0x2d;
																				 *(_t701 - 0x1c) = 1;
																			}
																		}
																		 *((intOrPtr*)(_t701 - 0x2c4)) =  *((intOrPtr*)(_t701 - 0x18)) -  *((intOrPtr*)(_t701 - 0x24)) -  *(_t701 - 0x1c);
																		if(( *(_t701 - 0x10) & 0x0000000c) == 0) {
																			E00422790(0x20,  *((intOrPtr*)(_t701 - 0x2c4)),  *((intOrPtr*)(_t701 + 8)), _t701 - 0x24c);
																			_t704 = _t704 + 0x10;
																		}
																		E004227D0( *(_t701 - 0x1c), _t701 - 0x14,  *(_t701 - 0x1c),  *((intOrPtr*)(_t701 + 8)), _t701 - 0x24c);
																		_t704 = _t704 + 0x10;
																		if(( *(_t701 - 0x10) & 0x00000008) != 0 && ( *(_t701 - 0x10) & 0x00000004) == 0) {
																			E00422790(0x30,  *((intOrPtr*)(_t701 - 0x2c4)),  *((intOrPtr*)(_t701 + 8)), _t701 - 0x24c);
																			_t704 = _t704 + 0x10;
																		}
																		if( *(_t701 - 0xc) == 0 ||  *((intOrPtr*)(_t701 - 0x24)) <= 0) {
																			L212:
																			E004227D0( *((intOrPtr*)(_t701 - 4)),  *((intOrPtr*)(_t701 - 4)),  *((intOrPtr*)(_t701 - 0x24)),  *((intOrPtr*)(_t701 + 8)), _t701 - 0x24c);
																			_t704 = _t704 + 0x10;
																			goto L213;
																		} else {
																			L205:
																			 *(_t701 - 0x2dc) = 0;
																			 *((intOrPtr*)(_t701 - 0x2c8)) =  *((intOrPtr*)(_t701 - 4));
																			 *((intOrPtr*)(_t701 - 0x2cc)) =  *((intOrPtr*)(_t701 - 0x24));
																			while(1) {
																				L206:
																				 *((intOrPtr*)(_t701 - 0x2cc)) =  *((intOrPtr*)(_t701 - 0x2cc)) - 1;
																				if( *((intOrPtr*)(_t701 - 0x2cc)) == 0) {
																					break;
																				}
																				L207:
																				 *(_t701 - 0x32e) =  *((intOrPtr*)( *((intOrPtr*)(_t701 - 0x2c8))));
																				_t563 = E004212A0(_t701 - 0x2d0, _t701 - 0x2d8, 6,  *(_t701 - 0x32e) & 0x0000ffff);
																				_t704 = _t704 + 0x10;
																				 *(_t701 - 0x2dc) = _t563;
																				 *((intOrPtr*)(_t701 - 0x2c8)) =  *((intOrPtr*)(_t701 - 0x2c8)) + 2;
																				if( *(_t701 - 0x2dc) != 0 ||  *((intOrPtr*)(_t701 - 0x2d0)) == 0) {
																					L209:
																					 *(_t701 - 0x24c) = 0xffffffff;
																					break;
																				} else {
																					L210:
																					E004227D0( *((intOrPtr*)(_t701 + 8)), _t701 - 0x2d8,  *((intOrPtr*)(_t701 - 0x2d0)),  *((intOrPtr*)(_t701 + 8)), _t701 - 0x24c);
																					_t704 = _t704 + 0x10;
																					continue;
																				}
																			}
																			L211:
																			L213:
																			if( *(_t701 - 0x24c) >= 0 && ( *(_t701 - 0x10) & 0x00000004) != 0) {
																				E00422790(0x20,  *((intOrPtr*)(_t701 - 0x2c4)),  *((intOrPtr*)(_t701 + 8)), _t701 - 0x24c);
																				_t704 = _t704 + 0x10;
																			}
																			goto L216;
																		}
																		L71:
																		__ecx =  *((char*)(__ebp - 0x251));
																		 *(__ebp - 0x324) = __ecx;
																		__edx =  *(__ebp - 0x324);
																		__edx =  *(__ebp - 0x324) - 0x41;
																		 *(__ebp - 0x324) = __edx;
																	} while ( *(__ebp - 0x324) > 0x37);
																	_t158 =  *(__ebp - 0x324) + 0x4226ac; // 0xcccccc0d
																	__ecx =  *_t158 & 0x000000ff;
																	switch( *((intOrPtr*)(__ecx * 4 +  &M00422670))) {
																		case 0:
																			L123:
																			 *(__ebp - 0x2c) = 1;
																			__ecx =  *((char*)(__ebp - 0x251));
																			__ecx =  *((char*)(__ebp - 0x251)) + 0x20;
																			 *((char*)(__ebp - 0x251)) = __cl;
																			goto L124;
																		case 1:
																			L73:
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000830;
																			if(( *(__ebp - 0x10) & 0x00000830) == 0) {
																				 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000800;
																				 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000800;
																			}
																			goto L75;
																		case 2:
																			L88:
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000830;
																			if(( *(__ebp - 0x10) & 0x00000830) == 0) {
																				 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000800;
																				 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000800;
																			}
																			goto L90;
																		case 3:
																			L146:
																			 *((intOrPtr*)(__ebp - 0x260)) = 7;
																			goto L148;
																		case 4:
																			L81:
																			__eax = __ebp + 0x14;
																			 *(__ebp - 0x288) = E0041C290(__ebp + 0x14);
																			if( *(__ebp - 0x288) == 0) {
																				L83:
																				__edx =  *0x60b4f0; // 0x407424
																				 *(__ebp - 4) = __edx;
																				__eax =  *(__ebp - 4);
																				 *(__ebp - 0x24) = E0040DC40( *(__ebp - 4));
																				L87:
																				goto L190;
																			}
																			L82:
																			__ecx =  *(__ebp - 0x288);
																			if( *((intOrPtr*)( *(__ebp - 0x288) + 4)) != 0) {
																				L84:
																				 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000800;
																				if(( *(__ebp - 0x10) & 0x00000800) == 0) {
																					 *(__ebp - 0xc) = 0;
																					__edx =  *(__ebp - 0x288);
																					__eax =  *(__edx + 4);
																					 *(__ebp - 4) =  *(__edx + 4);
																					__ecx =  *(__ebp - 0x288);
																					__edx =  *__ecx;
																					 *(__ebp - 0x24) =  *__ecx;
																				} else {
																					__edx =  *(__ebp - 0x288);
																					__eax =  *(__edx + 4);
																					 *(__ebp - 4) =  *(__edx + 4);
																					__ecx =  *(__ebp - 0x288);
																					__eax =  *__ecx;
																					asm("cdq");
																					 *__ecx - __edx =  *__ecx - __edx >> 1;
																					 *(__ebp - 0x24) =  *__ecx - __edx >> 1;
																					 *(__ebp - 0xc) = 1;
																				}
																				goto L87;
																			}
																			goto L83;
																		case 5:
																			L124:
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000040;
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000040;
																			__eax = __ebp - 0x248;
																			 *(__ebp - 4) = __ebp - 0x248;
																			 *(__ebp - 0x44) = 0x200;
																			if( *(__ebp - 0x30) >= 0) {
																				L126:
																				if( *(__ebp - 0x30) != 0) {
																					L129:
																					if( *(__ebp - 0x30) > 0x200) {
																						 *(__ebp - 0x30) = 0x200;
																					}
																					L131:
																					if( *(__ebp - 0x30) > 0xa3) {
																						 *(__ebp - 0x30) =  *(__ebp - 0x30) + 0x15d;
																						 *(__ebp - 0x20) = L0040B5C0(__ecx,  *(__ebp - 0x30) + 0x15d, 2, "f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c", 0x6da);
																						if( *(__ebp - 0x20) == 0) {
																							 *(__ebp - 0x30) = 0xa3;
																						} else {
																							__eax =  *(__ebp - 0x20);
																							 *(__ebp - 4) =  *(__ebp - 0x20);
																							 *(__ebp - 0x30) =  *(__ebp - 0x30) + 0x15d;
																							 *(__ebp - 0x44) =  *(__ebp - 0x30) + 0x15d;
																						}
																					}
																					 *(__ebp + 0x14) =  *(__ebp + 0x14) + 8;
																					 *(__ebp + 0x14) =  *(__ebp + 0x14) + 8;
																					__eax =  *(__ebp + 0x14);
																					__ecx =  *(__eax - 8);
																					__edx =  *(__eax - 4);
																					 *(__ebp - 0x2a8) =  *(__eax - 8);
																					 *(__ebp - 0x2a4) =  *(__eax - 4);
																					__ecx = __ebp - 0x40;
																					_push(E0040D3B0(__ebp - 0x40));
																					__eax =  *(__ebp - 0x2c);
																					_push( *(__ebp - 0x2c));
																					__ecx =  *(__ebp - 0x30);
																					_push( *(__ebp - 0x30));
																					__edx =  *((char*)(__ebp - 0x251));
																					_push( *((char*)(__ebp - 0x251)));
																					__eax =  *(__ebp - 0x44);
																					_push( *(__ebp - 0x44));
																					__ecx =  *(__ebp - 4);
																					_push( *(__ebp - 4));
																					__edx = __ebp - 0x2a8;
																					_push(__ebp - 0x2a8);
																					__eax =  *0x60b3cc; // 0x7e8c4bdb
																					__eax =  *__eax();
																					__esp = __esp + 0x1c;
																					 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000080;
																					if(( *(__ebp - 0x10) & 0x00000080) != 0 &&  *(__ebp - 0x30) == 0) {
																						__ecx = __ebp - 0x40;
																						_push(E0040D3B0(__ebp - 0x40));
																						__edx =  *(__ebp - 4);
																						_push( *(__ebp - 4));
																						__eax =  *0x60b3d8; // 0x7e8c4bdb
																						__eax =  *__eax();
																						__esp = __esp + 8;
																					}
																					__ecx =  *((char*)(__ebp - 0x251));
																					if( *((char*)(__ebp - 0x251)) == 0x67) {
																						 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000080;
																						if(( *(__ebp - 0x10) & 0x00000080) == 0) {
																							__ecx = __ebp - 0x40;
																							_push(E0040D3B0(__ebp - 0x40));
																							__eax =  *(__ebp - 4);
																							_push( *(__ebp - 4));
																							__ecx =  *0x60b3d4; // 0x7e8c4bdb
																							E00410200(__ecx) =  *__eax();
																							__esp = __esp + 8;
																						}
																					}
																					__edx =  *(__ebp - 4);
																					__eax =  *( *(__ebp - 4));
																					if( *( *(__ebp - 4)) == 0x2d) {
																						 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000100;
																						 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000100;
																						 *(__ebp - 4) =  *(__ebp - 4) + 1;
																						 *(__ebp - 4) =  *(__ebp - 4) + 1;
																					}
																					__eax =  *(__ebp - 4);
																					 *(__ebp - 0x24) = E0040DC40( *(__ebp - 4));
																					goto L190;
																				}
																				L127:
																				__ecx =  *((char*)(__ebp - 0x251));
																				if(__ecx != 0x67) {
																					goto L129;
																				}
																				L128:
																				 *(__ebp - 0x30) = 1;
																				goto L131;
																			}
																			L125:
																			 *(__ebp - 0x30) = 6;
																			goto L131;
																		case 6:
																			L75:
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000810;
																			if(( *(__ebp - 0x10) & 0x00000810) == 0) {
																				__ebp + 0x14 = E0041C290(__ebp + 0x14);
																				 *(__ebp - 0x284) = __ax;
																				__cl =  *(__ebp - 0x284);
																				 *(__ebp - 0x248) = __cl;
																				 *(__ebp - 0x24) = 1;
																			} else {
																				 *(__ebp - 0x280) = 0;
																				__edx = __ebp + 0x14;
																				__eax = E0041C2D0(__ebp + 0x14);
																				 *(__ebp - 0x258) = __ax;
																				__eax =  *(__ebp - 0x258) & 0x0000ffff;
																				__ecx = __ebp - 0x248;
																				__edx = __ebp - 0x24;
																				 *(__ebp - 0x280) = E004212A0(__ebp - 0x24, __ebp - 0x248, 0x200,  *(__ebp - 0x258) & 0x0000ffff);
																				if( *(__ebp - 0x280) != 0) {
																					 *(__ebp - 0x28) = 1;
																				}
																			}
																			__edx = __ebp - 0x248;
																			 *(__ebp - 4) = __ebp - 0x248;
																			goto L190;
																		case 7:
																			goto L0;
																		case 8:
																			L109:
																			__ecx = __ebp + 0x14;
																			 *(__ebp - 0x298) = E0041C290(__ebp + 0x14);
																			if(E00420F80() != 0) {
																				L119:
																				 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000020;
																				if(( *(__ebp - 0x10) & 0x00000020) == 0) {
																					__edx =  *(__ebp - 0x298);
																					__eax =  *(__ebp - 0x24c);
																					 *( *(__ebp - 0x298)) =  *(__ebp - 0x24c);
																				} else {
																					__eax =  *(__ebp - 0x298);
																					 *( *(__ebp - 0x298)) =  *(__ebp - 0x24c);
																				}
																				 *(__ebp - 0x28) = 1;
																				goto L190;
																			}
																			L110:
																			__edx = 0;
																			if(0 == 0) {
																				 *(__ebp - 0x32c) = 0;
																			} else {
																				 *(__ebp - 0x32c) = 1;
																			}
																			__eax =  *(__ebp - 0x32c);
																			 *(__ebp - 0x29c) =  *(__ebp - 0x32c);
																			if( *(__ebp - 0x29c) == 0) {
																				_push(L"(\"\'n\' format specifier disabled\", 0)");
																				_push(0);
																				_push(0x695);
																				_push(L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c");
																				_push(2);
																				__eax = L0040E1A0();
																				__esp = __esp + 0x14;
																				if(__eax == 1) {
																					asm("int3");
																				}
																			}
																			if( *(__ebp - 0x29c) != 0) {
																				L118:
																				goto L190;
																			} else {
																				L117:
																				 *((intOrPtr*)(L0040EC70(__ecx))) = 0x16;
																				__eax = E00411A50(__ebx, __ecx, __edi, __esi, L"(\"\'n\' format specifier disabled\", 0)", L"_output_s_l", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c", 0x695, 0);
																				 *(__ebp - 0x2f8) = 0xffffffff;
																				__ecx = __ebp - 0x40;
																				__eax = E0040D380(__ecx);
																				__eax =  *(__ebp - 0x2f8);
																				goto L229;
																			}
																		case 9:
																			L151:
																			 *(__ebp - 8) = 8;
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000080;
																			if(( *(__ebp - 0x10) & 0x00000080) != 0) {
																				 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000200;
																				 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000200;
																			}
																			goto L153;
																		case 0xa:
																			L145:
																			 *(__ebp - 0x30) = 8;
																			goto L146;
																		case 0xb:
																			L90:
																			if( *(__ebp - 0x30) != 0xffffffff) {
																				__edx =  *(__ebp - 0x30);
																				 *(__ebp - 0x328) =  *(__ebp - 0x30);
																			} else {
																				 *(__ebp - 0x328) = 0x7fffffff;
																			}
																			__eax =  *(__ebp - 0x328);
																			 *(__ebp - 0x290) =  *(__ebp - 0x328);
																			__ecx = __ebp + 0x14;
																			 *(__ebp - 4) = E0041C290(__ebp + 0x14);
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000810;
																			if(( *(__ebp - 0x10) & 0x00000810) == 0) {
																				L101:
																				if( *(__ebp - 4) == 0) {
																					__edx =  *0x60b4f0; // 0x407424
																					 *(__ebp - 4) = __edx;
																				}
																				__eax =  *(__ebp - 4);
																				 *(__ebp - 0x28c) =  *(__ebp - 4);
																				while(1) {
																					L104:
																					__ecx =  *(__ebp - 0x290);
																					 *(__ebp - 0x290) =  *(__ebp - 0x290) - 1;
																					 *(__ebp - 0x290) =  *(__ebp - 0x290) - 1;
																					if(__ecx == 0) {
																						break;
																					}
																					L105:
																					__eax =  *(__ebp - 0x28c);
																					__ecx =  *( *(__ebp - 0x28c));
																					if(__ecx == 0) {
																						break;
																					}
																					L106:
																					 *(__ebp - 0x28c) =  *(__ebp - 0x28c) + 1;
																					 *(__ebp - 0x28c) =  *(__ebp - 0x28c) + 1;
																				}
																				L107:
																				 *(__ebp - 0x28c) =  *(__ebp - 0x28c) -  *(__ebp - 4);
																				 *(__ebp - 0x24) =  *(__ebp - 0x28c) -  *(__ebp - 4);
																				goto L108;
																			} else {
																				L94:
																				if( *(__ebp - 4) == 0) {
																					__eax =  *0x60b4f4; // 0x407414
																					 *(__ebp - 4) = __eax;
																				}
																				 *(__ebp - 0xc) = 1;
																				__ecx =  *(__ebp - 4);
																				 *(__ebp - 0x294) =  *(__ebp - 4);
																				while(1) {
																					L97:
																					__edx =  *(__ebp - 0x290);
																					 *(__ebp - 0x290) =  *(__ebp - 0x290) - 1;
																					 *(__ebp - 0x290) =  *(__ebp - 0x290) - 1;
																					if( *(__ebp - 0x290) == 0) {
																						break;
																					}
																					L98:
																					__ecx =  *(__ebp - 0x294);
																					__edx =  *( *(__ebp - 0x294)) & 0x0000ffff;
																					if(( *( *(__ebp - 0x294)) & 0x0000ffff) == 0) {
																						break;
																					}
																					L99:
																					 *(__ebp - 0x294) =  *(__ebp - 0x294) + 2;
																					 *(__ebp - 0x294) =  *(__ebp - 0x294) + 2;
																				}
																				L100:
																				 *(__ebp - 0x294) =  *(__ebp - 0x294) -  *(__ebp - 4);
																				__ecx =  *(__ebp - 0x294) -  *(__ebp - 4) >> 1;
																				 *(__ebp - 0x24) = __ecx;
																				L108:
																				goto L190;
																			}
																		case 0xc:
																			L144:
																			 *(__ebp - 8) = 0xa;
																			goto L153;
																		case 0xd:
																			L147:
																			 *((intOrPtr*)(__ebp - 0x260)) = 0x27;
																			L148:
																			 *(__ebp - 8) = 0x10;
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000080;
																			if(( *(__ebp - 0x10) & 0x00000080) != 0) {
																				 *((char*)(__ebp - 0x14)) = 0x30;
																				 *((intOrPtr*)(__ebp - 0x260)) =  *((intOrPtr*)(__ebp - 0x260)) + 0x51;
																				 *((char*)(__ebp - 0x13)) = __al;
																				 *(__ebp - 0x1c) = 2;
																			}
																			goto L153;
																		case 0xe:
																			goto L190;
																	}
																}
															}
														}
													}
												}
											}
										}
									}
								}
							}
						}
					}
				}
			}

0x00421ff9
0x00421ff9
0x00421ff9
0x00421ff9
0x00421ff9
0x00421ff9
0x00421ff9
0x00421fff
0x00422002
0x00000000
0x0042207a
0x00000000
0x0042207a
0x00000000
0x0042207a
0x0042207a
0x00422082
0x004220a4
0x004220aa
0x004220cf
0x00422116
0x00422119
0x0042213a
0x0042213f
0x00422144
0x0042214a
0x0042211b
0x0042211f
0x00422124
0x00422127
0x00422128
0x0042212e
0x0042212e
0x004220d1
0x004220d4
0x004220d7
0x004220f9
0x004220fe
0x00422104
0x00422105
0x0042210b
0x004220d9
0x004220dd
0x004220e2
0x004220e6
0x004220e7
0x004220ed
0x004220ed
0x00422111
0x004220ac
0x004220b0
0x004220b5
0x004220b8
0x004220be
0x004220be
0x00422084
0x00422088
0x0042208d
0x00422090
0x00422096
0x00422096
0x00422156
0x00422198
0x0042219e
0x004221aa
0x00000000
0x00422158
0x00422158
0x00422158
0x0042215f
0x00000000
0x0042216c
0x0042216c
0x0042217a
0x0042217f
0x00422185
0x00422193
0x004221b0
0x004221b8
0x004221da
0x004221da
0x004221e4
0x004221f5
0x004221ff
0x00422201
0x00422201
0x004221e6
0x004221e6
0x004221e6
0x00422214
0x00422216
0x00422216
0x00422220
0x00422223
0x00422223
0x00422229
0x0042222c
0x00422231
0x00000000
0x00000000
0x00422241
0x00422244
0x0042224e
0x0042225d
0x00422266
0x0042227c
0x00422282
0x0042228f
0x0042229d
0x0042229d
0x004222ac
0x004222b4
0x004222b4
0x004222bc
0x004222c2
0x004222cb
0x004222d7
0x004222f0
0x004222f6
0x004222ff
0x004222ff
0x00000000
0x00422302
0x00000000
0x00422302
0x00000000
0x00422302
0x00000000
0x00422302
0x00000000
0x00422302
0x00000000
0x00422302
0x00000000
0x00422302
0x00422302
0x00422302
0x00422306
0x004224ed
0x004224f1
0x004224f9
0x004224fe
0x00422501
0x00422501
0x00422508
0x00422508
0x004215df
0x004215e5
0x004215f2
0x004215f7
0x00000000
0x0042160a
0x00421614
0x0042163b
0x00421622
0x00421633
0x00421633
0x00421614
0x00421645
0x0042164b
0x00421657
0x0042165a
0x00421668
0x0042166b
0x00421678
0x0042171d
0x00421723
0x00421730
0x00000000
0x00000000
0x00421736
0x0042173c
0x00000000
0x00421743
0x00421743
0x0042175b
0x00421760
0x00421765
0x0042181f
0x00421832
0x00421837
0x00000000
0x0042176b
0x0042177e
0x00421783
0x00421789
0x0042178b
0x00421794
0x00421797
0x004217a3
0x004217a7
0x004217ad
0x004217af
0x004217b4
0x004217b6
0x004217bb
0x004217c0
0x004217c2
0x004217c7
0x004217cd
0x004217cf
0x004217cf
0x004217cd
0x004217d0
0x004217d7
0x00000000
0x004217d9
0x004217de
0x004217fa
0x00421802
0x0042180f
0x00421814
0x00000000
0x00421814
0x004217d7
0x00000000
0x0042183f
0x0042183f
0x00421846
0x00421849
0x0042184c
0x0042184f
0x00421852
0x00421855
0x00421858
0x0042185f
0x00421866
0x00000000
0x00000000
0x00421872
0x00421872
0x00421879
0x00421885
0x00421888
0x00421895
0x00000000
0x00000000
0x00421897
0x00421897
0x0042189d
0x0042189d
0x004218a4
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004218e7
0x004218e7
0x004218f1
0x0042191b
0x0042191e
0x00421921
0x00421928
0x00421928
0x0042192c
0x004218f3
0x004218f3
0x004218ff
0x00421906
0x00421908
0x0042190b
0x0042190e
0x00421914
0x00421916
0x00421916
0x00421919
0x00000000
0x00000000
0x00421934
0x00421934
0x00000000
0x00000000
0x00421940
0x00421940
0x0042194a
0x0042196d
0x00421977
0x00421977
0x0042197b
0x0042194c
0x0042194c
0x00421958
0x0042195f
0x00421961
0x00421961
0x00421968
0x00000000
0x00000000
0x00421983
0x00421983
0x0042198a
0x00421996
0x00421999
0x004219a6
0x00421ab9
0x00000000
0x00421ab9
0x004219ac
0x004219ac
0x004219b2
0x004219b2
0x004219b9
0x00000000
0x004219ef
0x004219ef
0x004219f2
0x004219f8
0x00421a20
0x00421a20
0x00421a23
0x00421a29
0x00421a4e
0x00421a4e
0x00421a51
0x00421a57
0x00421a90
0x00421aa1
0x00000000
0x00421aa1
0x00421a59
0x00421a59
0x00421a5c
0x00421a62
0x00000000
0x00000000
0x00421a64
0x00421a64
0x00421a67
0x00421a6d
0x00000000
0x00000000
0x00421a6f
0x00421a6f
0x00421a72
0x00421a78
0x00000000
0x00000000
0x00421a7a
0x00421a7a
0x00421a7d
0x00421a83
0x00000000
0x00000000
0x00421a85
0x00421a85
0x00421a88
0x00421a8e
0x00421a92
0x00421a92
0x00000000
0x00421a92
0x00000000
0x00421a8e
0x00421a2b
0x00421a2b
0x00421a2e
0x00421a35
0x00000000
0x00000000
0x00421a37
0x00421a3a
0x00421a3d
0x00421a40
0x00421a43
0x00421a49
0x00000000
0x00421a49
0x004219fa
0x004219fa
0x004219fd
0x00421a04
0x00000000
0x00000000
0x00421a06
0x00421a09
0x00421a0c
0x00421a0f
0x00421a12
0x00421a18
0x00000000
0x00000000
0x00421aa3
0x00421aa6
0x00421aa9
0x00000000
0x00000000
0x004219c0
0x004219c0
0x004219c3
0x004219c9
0x004219e1
0x004219e4
0x004219e7
0x004219cb
0x004219ce
0x004219d1
0x004219d7
0x004219dc
0x004219dc
0x00000000
0x00000000
0x00421aae
0x00421ab1
0x00421ab6
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004218c1
0x004218c4
0x004218c7
0x00000000
0x00000000
0x004218cc
0x004218cf
0x004218d4
0x00000000
0x00000000
0x004218b6
0x004218b6
0x004218b9
0x004218bc
0x00000000
0x00000000
0x004218ab
0x004218ae
0x004218b1
0x00000000
0x00000000
0x004218d9
0x004218d9
0x004218dc
0x004218df
0x00000000
0x00000000
0x004218e2
0x00000000
0x00000000
0x0042167e
0x00421680
0x0042168e
0x00421682
0x00421682
0x00421682
0x00421698
0x0042169e
0x004216ab
0x004216ad
0x004216b2
0x004216b4
0x004216b9
0x004216be
0x004216c0
0x004216c5
0x004216cb
0x004216cd
0x004216cd
0x004216cb
0x004216ce
0x004216d5
0x00000000
0x004216d7
0x004216dc
0x004216f8
0x00421700
0x0042170d
0x00421712
0x004225d1
0x004225de
0x004225de
0x004216d5
0x00421678
0x0042250d
0x00422514
0x0042252b
0x0042251f
0x0042251f
0x0042251f
0x00422535
0x0042253b
0x00422548
0x0042254a
0x0042254f
0x00422551
0x00422556
0x0042255b
0x0042255d
0x00422562
0x00422568
0x0042256a
0x0042256a
0x00422568
0x00422572
0x004225bd
0x004225c6
0x004225cb
0x00422574
0x00422579
0x00422595
0x0042259d
0x004225aa
0x004225af
0x004225af
0x00000000
0x00422572
0x0042230c
0x00422312
0x0042231c
0x00422331
0x00422346
0x00422348
0x0042234c
0x0042234c
0x00422333
0x00422333
0x00422337
0x00422337
0x0042231e
0x0042231e
0x00422322
0x00422322
0x0042231c
0x0042235c
0x00422368
0x0042237e
0x00422383
0x00422383
0x00422399
0x0042239e
0x004223a7
0x004223c5
0x004223ca
0x004223ca
0x004223d1
0x004224a5
0x004224b8
0x004224bd
0x00000000
0x004223e1
0x004223e1
0x004223e1
0x004223ee
0x004223f7
0x004223fd
0x004223fd
0x0042240c
0x00422414
0x00000000
0x00000000
0x0042241a
0x00422423
0x00422442
0x00422447
0x0042244a
0x00422459
0x00422466
0x00422471
0x00422471
0x00000000
0x0042247d
0x0042247d
0x00422496
0x0042249b
0x00000000
0x0042249b
0x00422466
0x004224a3
0x004224c0
0x004224c7
0x004224e5
0x004224ea
0x004224ea
0x00000000
0x004224c7
0x00421abe
0x00421abe
0x00421ac5
0x00421acb
0x00421ad1
0x00421ad4
0x00421ada
0x00421aed
0x00421aed
0x00421af4
0x00000000
0x00421e4e
0x00421e4e
0x00421e55
0x00421e5c
0x00421e5f
0x00000000
0x00000000
0x00421afb
0x00421afe
0x00421b04
0x00421b09
0x00421b0e
0x00421b0e
0x00000000
0x00000000
0x00421c3b
0x00421c3e
0x00421c43
0x00421c48
0x00421c4e
0x00421c4e
0x00000000
0x00000000
0x0042201b
0x0042201b
0x00000000
0x00000000
0x00421ba5
0x00421ba5
0x00421bb1
0x00421bbe
0x00421bcc
0x00421bcc
0x00421bd2
0x00421bd5
0x00421be1
0x00421c36
0x00000000
0x00421c36
0x00421bc0
0x00421bc0
0x00421bca
0x00421be6
0x00421be9
0x00421bef
0x00421c17
0x00421c1e
0x00421c24
0x00421c27
0x00421c2a
0x00421c30
0x00421c33
0x00421bf1
0x00421bf1
0x00421bf7
0x00421bfa
0x00421bfd
0x00421c03
0x00421c06
0x00421c09
0x00421c0b
0x00421c0e
0x00421c0e
0x00000000
0x00421bef
0x00000000
0x00000000
0x00421e65
0x00421e68
0x00421e6b
0x00421e6e
0x00421e74
0x00421e77
0x00421e82
0x00421e8d
0x00421e91
0x00421ea8
0x00421eaf
0x00421eb1
0x00421eb1
0x00421eb8
0x00421ebf
0x00421ed0
0x00421edf
0x00421ee6
0x00421efc
0x00421ee8
0x00421ee8
0x00421eeb
0x00421ef1
0x00421ef7
0x00421ef7
0x00421ee6
0x00421f06
0x00421f09
0x00421f0c
0x00421f0f
0x00421f12
0x00421f15
0x00421f1b
0x00421f21
0x00421f29
0x00421f2a
0x00421f2d
0x00421f2e
0x00421f31
0x00421f32
0x00421f39
0x00421f3a
0x00421f3d
0x00421f3e
0x00421f41
0x00421f42
0x00421f48
0x00421f49
0x00421f57
0x00421f59
0x00421f5f
0x00421f65
0x00421f6d
0x00421f75
0x00421f76
0x00421f79
0x00421f7a
0x00421f88
0x00421f8a
0x00421f8a
0x00421f8d
0x00421f97
0x00421f9c
0x00421fa2
0x00421fa4
0x00421fac
0x00421fad
0x00421fb0
0x00421fb1
0x00421fc0
0x00421fc2
0x00421fc2
0x00421fa2
0x00421fc5
0x00421fc8
0x00421fce
0x00421fd3
0x00421fd9
0x00421fdf
0x00421fe2
0x00421fe2
0x00421fe5
0x00421ff1
0x00000000
0x00421ff1
0x00421e93
0x00421e93
0x00421e9d
0x00000000
0x00000000
0x00421e9f
0x00421e9f
0x00000000
0x00421e9f
0x00421e84
0x00421e84
0x00000000
0x00000000
0x00421b11
0x00421b14
0x00421b1a
0x00421b75
0x00421b7d
0x00421b84
0x00421b8a
0x00421b90
0x00421b1c
0x00421b1c
0x00421b26
0x00421b2a
0x00421b32
0x00421b39
0x00421b46
0x00421b4d
0x00421b59
0x00421b66
0x00421b68
0x00421b68
0x00421b6f
0x00421b97
0x00421b9d
0x00000000
0x00000000
0x00000000
0x00000000
0x00421d57
0x00421d57
0x00421d63
0x00421d70
0x00421e1a
0x00421e1d
0x00421e20
0x00421e34
0x00421e3a
0x00421e40
0x00421e22
0x00421e22
0x00421e2f
0x00421e2f
0x00421e42
0x00000000
0x00421e42
0x00421d76
0x00421d76
0x00421d78
0x00421d86
0x00421d7a
0x00421d7a
0x00421d7a
0x00421d90
0x00421d96
0x00421da3
0x00421da5
0x00421daa
0x00421dac
0x00421db1
0x00421db6
0x00421db8
0x00421dbd
0x00421dc3
0x00421dc5
0x00421dc5
0x00421dc3
0x00421dcd
0x00421e15
0x00000000
0x00421dcf
0x00421dcf
0x00421dd4
0x00421df0
0x00421df8
0x00421e02
0x00421e05
0x00421e0a
0x00000000
0x00421e0a
0x00000000
0x0042205c
0x0042205c
0x00422066
0x0042206c
0x00422071
0x00422077
0x00422077
0x00000000
0x00000000
0x00422014
0x00422014
0x00000000
0x00000000
0x00421c51
0x00421c55
0x00421c63
0x00421c66
0x00421c57
0x00421c57
0x00421c57
0x00421c6c
0x00421c72
0x00421c78
0x00421c84
0x00421c8a
0x00421c90
0x00421cf7
0x00421cfb
0x00421cfd
0x00421d03
0x00421d03
0x00421d06
0x00421d09
0x00421d0f
0x00421d0f
0x00421d0f
0x00421d1b
0x00421d1e
0x00421d26
0x00000000
0x00000000
0x00421d28
0x00421d28
0x00421d2e
0x00421d33
0x00000000
0x00000000
0x00421d35
0x00421d3b
0x00421d3e
0x00421d3e
0x00421d46
0x00421d4c
0x00421d4f
0x00000000
0x00421c92
0x00421c92
0x00421c96
0x00421c98
0x00421c9d
0x00421c9d
0x00421ca0
0x00421ca7
0x00421caa
0x00421cb0
0x00421cb0
0x00421cb0
0x00421cbc
0x00421cbf
0x00421cc7
0x00000000
0x00000000
0x00421cc9
0x00421cc9
0x00421ccf
0x00421cd4
0x00000000
0x00000000
0x00421cd6
0x00421cdc
0x00421cdf
0x00421cdf
0x00421ce7
0x00421ced
0x00421cf0
0x00421cf2
0x00421d52
0x00000000
0x00421d52
0x00000000
0x0042200b
0x0042200b
0x00000000
0x00000000
0x00422027
0x00422027
0x00422031
0x00422031
0x0042203b
0x00422041
0x00422043
0x0042204d
0x00422050
0x00422053
0x00422053
0x00000000
0x00000000
0x00000000
0x00000000
0x00421af4
0x00422302
0x00422302
0x00422302
0x00422302
0x00422302
0x00422302
0x00422302
0x0042215f
0x00422156
0x0042207a
0x0042207a
0x0042207a

APIs

_get_int64_arg.LIBCMTD ref: 00422088
_get_int64_arg.LIBCMTD ref: 004220B0
__aullrem.LIBCMT ref: 00422255
__aulldiv.LIBCMT ref: 00422277
_write_multi_char.LIBCMTD ref: 0042237E
_write_string.LIBCMTD ref: 00422399
_write_multi_char.LIBCMTD ref: 004223C5
_wctomb_s.LIBCMTD ref: 00422442

Strings

f:\dd\vctools\crt_bld\self_x86\crt\src\output.c, xrefs: 004216B9, 004216E9
9, xrefs: 00422288
_output_s_l, xrefs: 004216EE
-, xrefs: 0042231E
("Incorrect format specifier", 0), xrefs: 004216AD, 004216F3

Memory Dump Source

Source File: 00000000.00000002.254379313.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.254298173.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.254460883.0000000000427000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255654257.000000000060A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255687103.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255765961.0000000000635000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_mzQcZawXvh.jbxd

Similarity

API ID: _get_int64_arg_write_multi_char$__aulldiv__aullrem_wctomb_s_write_string
String ID: ("Incorrect format specifier", 0)$-$9$_output_s_l$f:\dd\vctools\crt_bld\self_x86\crt\src\output.c
API String ID: 3451365851-3266125857
Opcode ID: db9c49ed10f7687a94a840ba406dc7d1ca4528ebe3f7370a87f193e352306527
Instruction ID: 20e61ad83f853a29f1d35466c5197ba297317504c9a11d4adcbda77126cda7df
Opcode Fuzzy Hash: db9c49ed10f7687a94a840ba406dc7d1ca4528ebe3f7370a87f193e352306527
Instruction Fuzzy Hash: 22F14AB0E012299FDB24CF54DD89BAEB7B1BB48304F5481DAE409AB291D7785E80CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0042389B Relevance: 33.6, APIs: 15, Strings: 4, Instructions: 365
COMMON

Download Yara Rule

C-Code - Quality: 67%

			E0042389B(void* __ebx, signed int __edx, void* __edi, void* __esi) {
				signed int _t485;
				signed int _t504;
				void* _t509;
				signed int _t511;
				void* _t519;
				void* _t537;
				intOrPtr _t541;
				signed int _t558;
				signed short _t559;
				signed int _t562;
				signed int _t565;
				signed int _t566;
				void* _t567;
				signed int _t621;
				signed int _t623;
				signed int _t625;
				signed int _t632;
				signed int _t644;
				signed int _t671;
				void* _t672;
				void* _t673;
				signed int _t674;
				void* _t676;
				void* _t677;
				signed int _t683;

				L0:
				while(1) {
					L0:
					_t673 = __esi;
					_t672 = __edi;
					_t621 = __edx;
					_t567 = __ebx;
					 *(_t674 - 0x10) =  *(_t674 - 0x10) | 0x00000040;
					 *(_t674 - 8) = 0xa;
					L150:
					while(1) {
						L150:
						while(1) {
							L150:
							while(1) {
								L150:
								if(( *(_t674 - 0x10) & 0x00008000) == 0) {
									_t623 =  *(_t674 - 0x10) & 0x00001000;
									if(_t623 == 0) {
										if(( *(_t674 - 0x10) & 0x00000020) == 0) {
											_t625 =  *(_t674 - 0x10) & 0x00000040;
											if(_t625 == 0) {
												_t485 = E0041C290(_t674 + 0x14);
												_t677 = _t676 + 4;
												 *(_t674 - 0x4a0) = _t485;
												 *(_t674 - 0x49c) = 0;
											} else {
												_t558 = E0041C290(_t674 + 0x14);
												_t677 = _t676 + 4;
												asm("cdq");
												 *(_t674 - 0x4a0) = _t558;
												 *(_t674 - 0x49c) = _t625;
											}
										} else {
											_t671 =  *(_t674 - 0x10) & 0x00000040;
											if(_t671 == 0) {
												_t559 = E0041C290(_t674 + 0x14);
												_t677 = _t676 + 4;
												asm("cdq");
												 *(_t674 - 0x4a0) = _t559 & 0x0000ffff;
												 *(_t674 - 0x49c) = _t671;
											} else {
												_t562 = E0041C290(_t674 + 0x14);
												_t677 = _t676 + 4;
												asm("cdq");
												 *(_t674 - 0x4a0) = _t562;
												 *(_t674 - 0x49c) = _t671;
											}
										}
									} else {
										_t565 = E0041C2B0(_t674 + 0x14);
										_t677 = _t676 + 4;
										 *(_t674 - 0x4a0) = _t565;
										 *(_t674 - 0x49c) = _t623;
									}
								} else {
									_t566 = E0041C2B0(_t674 + 0x14);
									_t677 = _t676 + 4;
									 *(_t674 - 0x4a0) = _t566;
									 *(_t674 - 0x49c) = _t621;
								}
								if(( *(_t674 - 0x10) & 0x00000040) == 0) {
									L167:
									 *(_t674 - 0x4a8) =  *(_t674 - 0x4a0);
									 *(_t674 - 0x4a4) =  *(_t674 - 0x49c);
									goto L168;
								} else {
									L163:
									_t683 =  *(_t674 - 0x49c);
									if(_t683 > 0 || _t683 >= 0 &&  *(_t674 - 0x4a0) >= 0) {
										goto L167;
									} else {
										L166:
										asm("adc edx, 0x0");
										 *(_t674 - 0x4a8) =  ~( *(_t674 - 0x4a0));
										 *(_t674 - 0x4a4) =  ~( *(_t674 - 0x49c));
										 *(_t674 - 0x10) =  *(_t674 - 0x10) | 0x00000100;
										L168:
										if(( *(_t674 - 0x10) & 0x00008000) == 0 && ( *(_t674 - 0x10) & 0x00001000) == 0) {
											 *(_t674 - 0x4a4) =  *(_t674 - 0x4a4) & 0x00000000;
										}
										if( *(_t674 - 0x30) >= 0) {
											 *(_t674 - 0x10) =  *(_t674 - 0x10) & 0xfffffff7;
											if( *(_t674 - 0x30) > 0x200) {
												 *(_t674 - 0x30) = 0x200;
											}
										} else {
											 *(_t674 - 0x30) = 1;
										}
										if(( *(_t674 - 0x4a8) |  *(_t674 - 0x4a4)) == 0) {
											 *(_t674 - 0x1c) = 0;
										}
										 *((intOrPtr*)(_t674 - 4)) = _t674 - 0x249;
										while(1) {
											L178:
											_t631 =  *(_t674 - 0x30) - 1;
											 *(_t674 - 0x30) =  *(_t674 - 0x30) - 1;
											if( *(_t674 - 0x30) <= 0 && ( *(_t674 - 0x4a8) |  *(_t674 - 0x4a4)) == 0) {
												break;
											}
											L180:
											asm("cdq");
											_t632 =  *(_t674 - 0x4a8);
											 *((intOrPtr*)(_t674 - 0x494)) = E0041CE40(_t632,  *(_t674 - 0x4a4),  *(_t674 - 8), _t631) + 0x30;
											asm("cdq");
											 *(_t674 - 0x4a8) = E0041CDD0( *(_t674 - 0x4a8),  *(_t674 - 0x4a4),  *(_t674 - 8), _t632);
											 *(_t674 - 0x4a4) = _t632;
											if( *((intOrPtr*)(_t674 - 0x494)) > 0x39) {
												 *((intOrPtr*)(_t674 - 0x494)) =  *((intOrPtr*)(_t674 - 0x494)) +  *((intOrPtr*)(_t674 - 0x460));
											}
											 *((char*)( *((intOrPtr*)(_t674 - 4)))) =  *((intOrPtr*)(_t674 - 0x494));
											 *((intOrPtr*)(_t674 - 4)) =  *((intOrPtr*)(_t674 - 4)) - 1;
										}
										L183:
										 *((intOrPtr*)(_t674 - 0x24)) = _t674 - 0x249 -  *((intOrPtr*)(_t674 - 4));
										 *((intOrPtr*)(_t674 - 4)) =  *((intOrPtr*)(_t674 - 4)) + 1;
										if(( *(_t674 - 0x10) & 0x00000200) != 0 && ( *((intOrPtr*)(_t674 - 0x24)) == 0 ||  *((char*)( *((intOrPtr*)(_t674 - 4)))) != 0x30)) {
											 *((intOrPtr*)(_t674 - 4)) =  *((intOrPtr*)(_t674 - 4)) - 1;
											 *((char*)( *((intOrPtr*)(_t674 - 4)))) = 0x30;
											 *((intOrPtr*)(_t674 - 0x24)) =  *((intOrPtr*)(_t674 - 0x24)) + 1;
										}
										L187:
										while(1) {
											L187:
											while(1) {
												L187:
												while(1) {
													L187:
													while(1) {
														L187:
														while(1) {
															L187:
															while(1) {
																L187:
																while(1) {
																	do {
																		L187:
																		if( *((intOrPtr*)(_t674 - 0x28)) != 0) {
																			L212:
																			if( *(_t674 - 0x20) != 0) {
																				L0040C240( *(_t674 - 0x20), 2);
																				_t677 = _t677 + 8;
																				 *(_t674 - 0x20) = 0;
																			}
																			while(1) {
																				L214:
																				 *(_t674 - 0x454) =  *((intOrPtr*)( *((intOrPtr*)(_t674 + 0xc))));
																				_t580 =  *(_t674 - 0x454) & 0x0000ffff;
																				 *((intOrPtr*)(_t674 + 0xc)) =  *((intOrPtr*)(_t674 + 0xc)) + 2;
																				if(( *(_t674 - 0x454) & 0x0000ffff) == 0 ||  *(_t674 - 0x44c) < 0) {
																					break;
																				} else {
																					if(( *(_t674 - 0x454) & 0x0000ffff) < 0x20 || ( *(_t674 - 0x454) & 0x0000ffff) > 0x78) {
																						 *(_t674 - 0x4d8) = 0;
																					} else {
																						 *(_t674 - 0x4d8) =  *(( *(_t674 - 0x454) & 0x0000ffff) + L"pecifier\", 0)") & 0xf;
																					}
																				}
																				L7:
																				 *(_t674 - 0x450) =  *(_t674 - 0x4d8);
																				_t644 =  *(_t674 - 0x450) * 9;
																				_t511 =  *(_t674 - 0x45c);
																				_t588 = ( *(_t644 + _t511 + 0x4083d0) & 0x000000ff) >> 4;
																				 *(_t674 - 0x45c) = ( *(_t644 + _t511 + 0x4083d0) & 0x000000ff) >> 4;
																				if( *(_t674 - 0x45c) != 8) {
																					L16:
																					 *(_t674 - 0x4e0) =  *(_t674 - 0x45c);
																					if( *(_t674 - 0x4e0) > 7) {
																						continue;
																					}
																					L17:
																					switch( *((intOrPtr*)( *(_t674 - 0x4e0) * 4 +  &M00423E84))) {
																						case 0:
																							L18:
																							 *(_t674 - 0xc) = 1;
																							E00423F90( *(_t674 - 0x454) & 0x0000ffff,  *((intOrPtr*)(_t674 + 8)), _t674 - 0x44c);
																							_t677 = _t677 + 0xc;
																							goto L214;
																						case 1:
																							L19:
																							 *(__ebp - 0x2c) = 0;
																							__ecx =  *(__ebp - 0x2c);
																							 *(__ebp - 0x28) = __ecx;
																							__edx =  *(__ebp - 0x28);
																							 *(__ebp - 0x18) =  *(__ebp - 0x28);
																							__eax =  *(__ebp - 0x18);
																							 *(__ebp - 0x1c) =  *(__ebp - 0x18);
																							 *(__ebp - 0x10) = 0;
																							 *(__ebp - 0x30) = 0xffffffff;
																							 *(__ebp - 0xc) = 0;
																							goto L214;
																						case 2:
																							L20:
																							__ecx =  *(__ebp - 0x454) & 0x0000ffff;
																							 *(__ebp - 0x4e4) = __ecx;
																							 *(__ebp - 0x4e4) =  *(__ebp - 0x4e4) - 0x20;
																							 *(__ebp - 0x4e4) =  *(__ebp - 0x4e4) - 0x20;
																							if( *(__ebp - 0x4e4) > 0x10) {
																								goto L27;
																							}
																							L21:
																							_t59 =  *(__ebp - 0x4e4) + 0x423ebc; // 0x498d04
																							__ecx =  *_t59 & 0x000000ff;
																							switch( *((intOrPtr*)(__ecx * 4 +  &M00423EA4))) {
																								case 0:
																									goto L24;
																								case 1:
																									goto L25;
																								case 2:
																									goto L23;
																								case 3:
																									goto L22;
																								case 4:
																									goto L26;
																								case 5:
																									goto L27;
																							}
																						case 3:
																							L28:
																							__ecx =  *(__ebp - 0x454) & 0x0000ffff;
																							if(( *(__ebp - 0x454) & 0x0000ffff) != 0x2a) {
																								 *(__ebp - 0x18) =  *(__ebp - 0x18) * 0xa;
																								_t83 = ( *(__ebp - 0x454) & 0x0000ffff) - 0x30; // -48
																								__ecx =  *(__ebp - 0x18) * 0xa + _t83;
																								 *(__ebp - 0x18) = __ecx;
																							} else {
																								__edx = __ebp + 0x14;
																								 *(__ebp - 0x18) = E0041C290(__ebp + 0x14);
																								if( *(__ebp - 0x18) < 0) {
																									 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000004;
																									 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000004;
																									__ecx =  *(__ebp - 0x18);
																									__ecx =  ~( *(__ebp - 0x18));
																									 *(__ebp - 0x18) = __ecx;
																								}
																							}
																							goto L214;
																						case 4:
																							L34:
																							 *(__ebp - 0x30) = 0;
																							goto L214;
																						case 5:
																							L35:
																							__edx =  *(__ebp - 0x454) & 0x0000ffff;
																							if(( *(__ebp - 0x454) & 0x0000ffff) != 0x2a) {
																								__ecx =  *(__ebp - 0x30);
																								__ecx =  *(__ebp - 0x30) * 0xa;
																								_t94 = ( *(__ebp - 0x454) & 0x0000ffff) - 0x30; // -48
																								__eax = __ecx + _t94;
																								 *(__ebp - 0x30) = __ecx + _t94;
																							} else {
																								__eax = __ebp + 0x14;
																								 *(__ebp - 0x30) = E0041C290(__ebp + 0x14);
																								if( *(__ebp - 0x30) < 0) {
																									 *(__ebp - 0x30) = 0xffffffff;
																								}
																							}
																							goto L214;
																						case 6:
																							L41:
																							__ecx =  *(__ebp - 0x454) & 0x0000ffff;
																							 *(__ebp - 0x4e8) = __ecx;
																							 *(__ebp - 0x4e8) =  *(__ebp - 0x4e8) - 0x49;
																							 *(__ebp - 0x4e8) =  *(__ebp - 0x4e8) - 0x49;
																							if( *(__ebp - 0x4e8) > 0x2e) {
																								L64:
																								goto L214;
																							}
																							L42:
																							_t102 =  *(__ebp - 0x4e8) + 0x423ee4; // 0x36f19003
																							__ecx =  *_t102 & 0x000000ff;
																							switch( *((intOrPtr*)(__ecx * 4 +  &M00423ED0))) {
																								case 0:
																									L47:
																									__ecx =  *(__ebp + 0xc);
																									__edx =  *( *(__ebp + 0xc)) & 0x0000ffff;
																									if(( *( *(__ebp + 0xc)) & 0x0000ffff) != 0x36) {
																										L50:
																										__ecx =  *(__ebp + 0xc);
																										__edx =  *( *(__ebp + 0xc)) & 0x0000ffff;
																										if(( *( *(__ebp + 0xc)) & 0x0000ffff) != 0x33) {
																											L53:
																											__ecx =  *(__ebp + 0xc);
																											__edx =  *__ecx & 0x0000ffff;
																											if(( *__ecx & 0x0000ffff) == 0x64) {
																												L59:
																												L61:
																												goto L64;
																											}
																											L54:
																											__eax =  *(__ebp + 0xc);
																											__ecx =  *( *(__ebp + 0xc)) & 0x0000ffff;
																											if(__ecx == 0x69) {
																												goto L59;
																											}
																											L55:
																											__edx =  *(__ebp + 0xc);
																											__eax =  *( *(__ebp + 0xc)) & 0x0000ffff;
																											if(( *( *(__ebp + 0xc)) & 0x0000ffff) == 0x6f) {
																												goto L59;
																											}
																											L56:
																											__ecx =  *(__ebp + 0xc);
																											__edx =  *__ecx & 0x0000ffff;
																											if(( *__ecx & 0x0000ffff) == 0x75) {
																												goto L59;
																											}
																											L57:
																											__eax =  *(__ebp + 0xc);
																											__ecx =  *( *(__ebp + 0xc)) & 0x0000ffff;
																											if(__ecx == 0x78) {
																												goto L59;
																											}
																											L58:
																											__edx =  *(__ebp + 0xc);
																											__eax =  *( *(__ebp + 0xc)) & 0x0000ffff;
																											if(( *( *(__ebp + 0xc)) & 0x0000ffff) != 0x58) {
																												 *(__ebp - 0x45c) = 0;
																												goto L18;
																											}
																											goto L59;
																										}
																										L51:
																										__eax =  *(__ebp + 0xc);
																										__ecx =  *( *(__ebp + 0xc) + 2) & 0x0000ffff;
																										if(__ecx != 0x32) {
																											goto L53;
																										} else {
																											 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
																											 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
																											 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0xffff7fff;
																											 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0xffff7fff;
																											goto L61;
																										}
																									}
																									L48:
																									__eax =  *(__ebp + 0xc);
																									__ecx =  *( *(__ebp + 0xc) + 2) & 0x0000ffff;
																									if(__ecx != 0x34) {
																										goto L50;
																									} else {
																										 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
																										 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
																										 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00008000;
																										 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00008000;
																										goto L61;
																									}
																								case 1:
																									L62:
																									__ecx =  *(__ebp - 0x10);
																									__ecx =  *(__ebp - 0x10) | 0x00000020;
																									 *(__ebp - 0x10) = __ecx;
																									goto L64;
																								case 2:
																									L43:
																									__edx =  *(__ebp + 0xc);
																									__eax =  *( *(__ebp + 0xc)) & 0x0000ffff;
																									if(( *( *(__ebp + 0xc)) & 0x0000ffff) != 0x6c) {
																										 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000010;
																										 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000010;
																									} else {
																										__ecx =  *(__ebp + 0xc);
																										__ecx =  *(__ebp + 0xc) + 2;
																										 *(__ebp + 0xc) = __ecx;
																										 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00001000;
																										 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00001000;
																									}
																									goto L64;
																								case 3:
																									L63:
																									 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000800;
																									 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000800;
																									goto L64;
																								case 4:
																									goto L64;
																							}
																						case 7:
																							goto L65;
																						case 8:
																							L24:
																							__ecx =  *(__ebp - 0x10);
																							__ecx =  *(__ebp - 0x10) | 0x00000002;
																							 *(__ebp - 0x10) = __ecx;
																							goto L27;
																						case 9:
																							L25:
																							 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000080;
																							 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000080;
																							goto L27;
																						case 0xa:
																							L23:
																							 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000001;
																							 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000001;
																							goto L27;
																						case 0xb:
																							L22:
																							 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000004;
																							 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000004;
																							goto L27;
																						case 0xc:
																							L26:
																							 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000008;
																							 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000008;
																							goto L27;
																						case 0xd:
																							L27:
																							goto L214;
																					}
																				} else {
																					_t642 = 0;
																					if(0 == 0) {
																						 *(_t674 - 0x4dc) = 0;
																					} else {
																						 *(_t674 - 0x4dc) = 1;
																					}
																					 *(_t674 - 0x46c) =  *(_t674 - 0x4dc);
																					if( *(_t674 - 0x46c) == 0) {
																						_push(L"(\"Incorrect format specifier\", 0)");
																						_push(0);
																						_push(0x460);
																						_push(L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c");
																						_push(2);
																						_t519 = L0040E1A0();
																						_t677 = _t677 + 0x14;
																						if(_t519 == 1) {
																							asm("int3");
																						}
																					}
																					L14:
																					if( *(_t674 - 0x46c) != 0) {
																						goto L16;
																					} else {
																						 *((intOrPtr*)(L0040EC70(_t588))) = 0x16;
																						E00411A50(_t567, _t588, _t672, _t673, L"(\"Incorrect format specifier\", 0)", L"_woutput_s_l", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c", 0x460, 0);
																						 *(_t674 - 0x4c8) = 0xffffffff;
																						E0040D380(_t674 - 0x40);
																						_t504 =  *(_t674 - 0x4c8);
																						L225:
																						return E00416CA0(_t504, _t567,  *(_t674 - 0x48) ^ _t674, _t642, _t672, _t673);
																					}
																				}
																			}
																			L215:
																			if( *(_t674 - 0x45c) == 0 ||  *(_t674 - 0x45c) == 7) {
																				 *(_t674 - 0x4f8) = 1;
																			} else {
																				 *(_t674 - 0x4f8) = 0;
																			}
																			_t642 =  *(_t674 - 0x4f8);
																			 *(_t674 - 0x4bc) =  *(_t674 - 0x4f8);
																			if( *(_t674 - 0x4bc) == 0) {
																				_push(L"((state == ST_NORMAL) || (state == ST_TYPE))");
																				_push(0);
																				_push(0x8f5);
																				_push(L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c");
																				_push(2);
																				_t509 = L0040E1A0();
																				_t677 = _t677 + 0x14;
																				if(_t509 == 1) {
																					asm("int3");
																				}
																			}
																			if( *(_t674 - 0x4bc) != 0) {
																				 *(_t674 - 0x4d4) =  *(_t674 - 0x44c);
																				E0040D380(_t674 - 0x40);
																				_t504 =  *(_t674 - 0x4d4);
																			} else {
																				 *((intOrPtr*)(L0040EC70(_t580))) = 0x16;
																				E00411A50(_t567, _t580, _t672, _t673, L"((state == ST_NORMAL) || (state == ST_TYPE))", L"_woutput_s_l", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c", 0x8f5, 0);
																				 *(_t674 - 0x4d0) = 0xffffffff;
																				E0040D380(_t674 - 0x40);
																				_t504 =  *(_t674 - 0x4d0);
																			}
																			goto L225;
																		}
																		L188:
																		if(( *(_t674 - 0x10) & 0x00000040) != 0) {
																			if(( *(_t674 - 0x10) & 0x00000100) == 0) {
																				if(( *(_t674 - 0x10) & 0x00000001) == 0) {
																					if(( *(_t674 - 0x10) & 0x00000002) != 0) {
																						 *((short*)(_t674 - 0x14)) = 0x20;
																						 *(_t674 - 0x1c) = 1;
																					}
																				} else {
																					 *((short*)(_t674 - 0x14)) = 0x2b;
																					 *(_t674 - 0x1c) = 1;
																				}
																			} else {
																				 *((short*)(_t674 - 0x14)) = 0x2d;
																				 *(_t674 - 0x1c) = 1;
																			}
																		}
																		 *((intOrPtr*)(_t674 - 0x4ac)) =  *((intOrPtr*)(_t674 - 0x18)) -  *((intOrPtr*)(_t674 - 0x24)) -  *(_t674 - 0x1c);
																		if(( *(_t674 - 0x10) & 0x0000000c) == 0) {
																			E00423FF0(0x20,  *((intOrPtr*)(_t674 - 0x4ac)),  *((intOrPtr*)(_t674 + 8)), _t674 - 0x44c);
																			_t677 = _t677 + 0x10;
																		}
																		E00424030( *(_t674 - 0x1c), _t674 - 0x14,  *(_t674 - 0x1c),  *((intOrPtr*)(_t674 + 8)), _t674 - 0x44c);
																		_t677 = _t677 + 0x10;
																		if(( *(_t674 - 0x10) & 0x00000008) != 0 && ( *(_t674 - 0x10) & 0x00000004) == 0) {
																			E00423FF0(0x30,  *((intOrPtr*)(_t674 - 0x4ac)),  *((intOrPtr*)(_t674 + 8)), _t674 - 0x44c);
																			_t677 = _t677 + 0x10;
																		}
																		if( *(_t674 - 0xc) != 0 ||  *((intOrPtr*)(_t674 - 0x24)) <= 0) {
																			L208:
																			E00424030( *((intOrPtr*)(_t674 - 0x24)),  *((intOrPtr*)(_t674 - 4)),  *((intOrPtr*)(_t674 - 0x24)),  *((intOrPtr*)(_t674 + 8)), _t674 - 0x44c);
																			_t677 = _t677 + 0x10;
																			goto L209;
																		} else {
																			L202:
																			 *((intOrPtr*)(_t674 - 0x4b0)) =  *((intOrPtr*)(_t674 - 4));
																			 *((intOrPtr*)(_t674 - 0x4b4)) =  *((intOrPtr*)(_t674 - 0x24));
																			while(1) {
																				L203:
																				 *((intOrPtr*)(_t674 - 0x4b4)) =  *((intOrPtr*)(_t674 - 0x4b4)) - 1;
																				if( *((intOrPtr*)(_t674 - 0x4b4)) <= 0) {
																					break;
																				}
																				L204:
																				_t537 = E0040D3B0(_t674 - 0x40);
																				_t541 = E00419150(_t674 - 0x458,  *((intOrPtr*)(_t674 - 0x4b0)),  *((intOrPtr*)( *((intOrPtr*)(E0040D3B0(_t674 - 0x40))) + 0xac)), _t537);
																				_t677 = _t677 + 0x10;
																				 *((intOrPtr*)(_t674 - 0x4b8)) = _t541;
																				if( *((intOrPtr*)(_t674 - 0x4b8)) > 0) {
																					L206:
																					E00423F90( *(_t674 - 0x458) & 0x0000ffff,  *((intOrPtr*)(_t674 + 8)), _t674 - 0x44c);
																					_t677 = _t677 + 0xc;
																					 *((intOrPtr*)(_t674 - 0x4b0)) =  *((intOrPtr*)(_t674 - 0x4b0)) +  *((intOrPtr*)(_t674 - 0x4b8));
																					continue;
																				}
																				L205:
																				 *(_t674 - 0x44c) = 0xffffffff;
																				break;
																			}
																			L207:
																			L209:
																			if( *(_t674 - 0x44c) >= 0 && ( *(_t674 - 0x10) & 0x00000004) != 0) {
																				E00423FF0(0x20,  *((intOrPtr*)(_t674 - 0x4ac)),  *((intOrPtr*)(_t674 + 8)), _t674 - 0x44c);
																				_t677 = _t677 + 0x10;
																			}
																			goto L212;
																		}
																		L65:
																		__eax =  *(__ebp - 0x454) & 0x0000ffff;
																		 *(__ebp - 0x4ec) =  *(__ebp - 0x454) & 0x0000ffff;
																		__ecx =  *(__ebp - 0x4ec);
																		__ecx =  *(__ebp - 0x4ec) - 0x41;
																		 *(__ebp - 0x4ec) = __ecx;
																	} while ( *(__ebp - 0x4ec) > 0x37);
																	__edx =  *(__ebp - 0x4ec);
																	_t143 = __edx + 0x423f50; // 0xcccccc0d
																	__eax =  *_t143 & 0x000000ff;
																	switch( *((intOrPtr*)(( *_t143 & 0x000000ff) * 4 +  &M00423F14))) {
																		case 0:
																			L120:
																			 *(__ebp - 0x2c) = 1;
																			 *(__ebp - 0x454) & 0x0000ffff = ( *(__ebp - 0x454) & 0x0000ffff) + 0x20;
																			 *(__ebp - 0x454) = __ax;
																			goto L121;
																		case 1:
																			L67:
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000830;
																			if(( *(__ebp - 0x10) & 0x00000830) == 0) {
																				 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000020;
																				 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000020;
																			}
																			goto L69;
																		case 2:
																			L82:
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000830;
																			if(( *(__ebp - 0x10) & 0x00000830) == 0) {
																				 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000020;
																				 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000020;
																			}
																			goto L84;
																		case 3:
																			L143:
																			 *((intOrPtr*)(__ebp - 0x460)) = 7;
																			goto L145;
																		case 4:
																			L75:
																			__eax = __ebp + 0x14;
																			 *(__ebp - 0x474) = E0041C290(__ebp + 0x14);
																			if( *(__ebp - 0x474) == 0) {
																				L77:
																				__edx =  *0x60b4f0; // 0x407424
																				 *(__ebp - 4) = __edx;
																				__eax =  *(__ebp - 4);
																				 *(__ebp - 0x24) = E0040DC40( *(__ebp - 4));
																				L81:
																				goto L187;
																			}
																			L76:
																			__ecx =  *(__ebp - 0x474);
																			if( *((intOrPtr*)( *(__ebp - 0x474) + 4)) != 0) {
																				L78:
																				 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000800;
																				if(( *(__ebp - 0x10) & 0x00000800) == 0) {
																					 *(__ebp - 0xc) = 0;
																					__edx =  *(__ebp - 0x474);
																					__eax =  *(__edx + 4);
																					 *(__ebp - 4) =  *(__edx + 4);
																					__ecx =  *(__ebp - 0x474);
																					__edx =  *__ecx;
																					 *(__ebp - 0x24) =  *__ecx;
																				} else {
																					__edx =  *(__ebp - 0x474);
																					__eax =  *(__edx + 4);
																					 *(__ebp - 4) =  *(__edx + 4);
																					__ecx =  *(__ebp - 0x474);
																					__eax =  *__ecx;
																					asm("cdq");
																					 *__ecx - __edx =  *__ecx - __edx >> 1;
																					 *(__ebp - 0x24) =  *__ecx - __edx >> 1;
																					 *(__ebp - 0xc) = 1;
																				}
																				goto L81;
																			}
																			goto L77;
																		case 5:
																			L121:
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000040;
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000040;
																			__edx = __ebp - 0x448;
																			 *(__ebp - 4) = __ebp - 0x448;
																			 *(__ebp - 0x44) = 0x200;
																			if( *(__ebp - 0x30) >= 0) {
																				L123:
																				if( *(__ebp - 0x30) != 0) {
																					L126:
																					if( *(__ebp - 0x30) > 0x200) {
																						 *(__ebp - 0x30) = 0x200;
																					}
																					L128:
																					if( *(__ebp - 0x30) > 0xa3) {
																						__ecx =  *(__ebp - 0x30);
																						__ecx =  *(__ebp - 0x30) + 0x15d;
																						 *(__ebp - 0x20) = L0040B5C0( *(__ebp - 0x30) + 0x15d,  *(__ebp - 0x30) + 0x15d, 2, "f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c", 0x6da);
																						if( *(__ebp - 0x20) == 0) {
																							 *(__ebp - 0x30) = 0xa3;
																						} else {
																							__edx =  *(__ebp - 0x20);
																							 *(__ebp - 4) =  *(__ebp - 0x20);
																							 *(__ebp - 0x30) =  *(__ebp - 0x30) + 0x15d;
																							 *(__ebp - 0x44) =  *(__ebp - 0x30) + 0x15d;
																						}
																					}
																					 *(__ebp + 0x14) =  *(__ebp + 0x14) + 8;
																					 *(__ebp + 0x14) =  *(__ebp + 0x14) + 8;
																					__edx =  *(__ebp + 0x14);
																					__eax =  *(__edx - 8);
																					__ecx =  *(__edx - 4);
																					 *(__ebp - 0x490) =  *(__edx - 8);
																					 *(__ebp - 0x48c) =  *(__edx - 4);
																					__ecx = __ebp - 0x40;
																					_push(E0040D3B0(__ebp - 0x40));
																					__edx =  *(__ebp - 0x2c);
																					_push( *(__ebp - 0x2c));
																					__eax =  *(__ebp - 0x30);
																					_push( *(__ebp - 0x30));
																					__ecx =  *(__ebp - 0x454);
																					_push( *(__ebp - 0x454));
																					__edx =  *(__ebp - 0x44);
																					_push( *(__ebp - 0x44));
																					__eax =  *(__ebp - 4);
																					_push( *(__ebp - 4));
																					__ecx = __ebp - 0x490;
																					_push(__ebp - 0x490);
																					__edx =  *0x60b3cc; // 0x7e8c4bdb
																					E00410200(__edx) =  *__eax();
																					__esp = __esp + 0x1c;
																					 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000080;
																					if(( *(__ebp - 0x10) & 0x00000080) != 0 &&  *(__ebp - 0x30) == 0) {
																						__ecx = __ebp - 0x40;
																						_push(E0040D3B0(__ebp - 0x40));
																						__ecx =  *(__ebp - 4);
																						_push( *(__ebp - 4));
																						__edx =  *0x60b3d8; // 0x7e8c4bdb
																						E00410200(__edx) =  *__eax();
																						__esp = __esp + 8;
																					}
																					__eax =  *(__ebp - 0x454) & 0x0000ffff;
																					if(( *(__ebp - 0x454) & 0x0000ffff) == 0x67) {
																						 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000080;
																						if(( *(__ebp - 0x10) & 0x00000080) == 0) {
																							__ecx = __ebp - 0x40;
																							_push(E0040D3B0(__ebp - 0x40));
																							__edx =  *(__ebp - 4);
																							_push( *(__ebp - 4));
																							__eax =  *0x60b3d4; // 0x7e8c4bdb
																							__eax =  *__eax();
																							__esp = __esp + 8;
																						}
																					}
																					__ecx =  *(__ebp - 4);
																					__edx =  *( *(__ebp - 4));
																					if( *( *(__ebp - 4)) == 0x2d) {
																						 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000100;
																						 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000100;
																						 *(__ebp - 4) =  *(__ebp - 4) + 1;
																						 *(__ebp - 4) =  *(__ebp - 4) + 1;
																					}
																					__edx =  *(__ebp - 4);
																					 *(__ebp - 0x24) = E0040DC40( *(__ebp - 4));
																					goto L187;
																				}
																				L124:
																				__eax =  *(__ebp - 0x454) & 0x0000ffff;
																				if(( *(__ebp - 0x454) & 0x0000ffff) != 0x67) {
																					goto L126;
																				}
																				L125:
																				 *(__ebp - 0x30) = 1;
																				goto L128;
																			}
																			L122:
																			 *(__ebp - 0x30) = 6;
																			goto L128;
																		case 6:
																			L69:
																			 *(__ebp - 0xc) = 1;
																			__ebp + 0x14 = E0041C290(__ebp + 0x14);
																			 *(__ebp - 0x458) = __ax;
																			__ecx =  *(__ebp - 0x10);
																			__ecx =  *(__ebp - 0x10) & 0x00000020;
																			if(__ecx == 0) {
																				 *(__ebp - 0x448) =  *(__ebp - 0x458);
																			} else {
																				 *(__ebp - 0x458) & 0x0000ffff =  *(__ebp - 0x458) & 0xff;
																				 *(__ebp - 0x470) = __dl;
																				 *((char*)(__ebp - 0x46f)) = 0;
																				__ecx = __ebp - 0x40;
																				__eax = E0040D3B0(__ebp - 0x40);
																				__ecx = __ebp - 0x40;
																				E0040D3B0(__ebp - 0x40) =  *__eax;
																				__ecx =  *(__ebp - 0x448 + 0xac);
																				__edx = __ebp - 0x470;
																				__eax = __ebp - 0x448;
																				if(E00419150(__ebp - 0x448, __ebp - 0x470,  *(__ebp - 0x448 + 0xac), __ebp - 0x448) < 0) {
																					 *(__ebp - 0x28) = 1;
																				}
																			}
																			__edx = __ebp - 0x448;
																			 *(__ebp - 4) = __ebp - 0x448;
																			 *(__ebp - 0x24) = 1;
																			goto L187;
																		case 7:
																			goto L0;
																		case 8:
																			L106:
																			__eax = __ebp + 0x14;
																			 *(__ebp - 0x484) = E0041C290(__ebp + 0x14);
																			if(E00420F80() != 0) {
																				L116:
																				__ecx =  *(__ebp - 0x10);
																				__ecx =  *(__ebp - 0x10) & 0x00000020;
																				if(__ecx == 0) {
																					__ecx =  *(__ebp - 0x484);
																					__edx =  *(__ebp - 0x44c);
																					 *__ecx =  *(__ebp - 0x44c);
																				} else {
																					__edx =  *(__ebp - 0x484);
																					__ax =  *(__ebp - 0x44c);
																					 *( *(__ebp - 0x484)) = __ax;
																				}
																				 *(__ebp - 0x28) = 1;
																				goto L187;
																			}
																			L107:
																			__ecx = 0;
																			if(0 == 0) {
																				 *(__ebp - 0x4f4) = 0;
																			} else {
																				 *(__ebp - 0x4f4) = 1;
																			}
																			__edx =  *(__ebp - 0x4f4);
																			 *(__ebp - 0x488) =  *(__ebp - 0x4f4);
																			if( *(__ebp - 0x488) == 0) {
																				_push(L"(\"\'n\' format specifier disabled\", 0)");
																				_push(0);
																				_push(0x695);
																				_push(L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c");
																				_push(2);
																				__eax = L0040E1A0();
																				__esp = __esp + 0x14;
																				if(__eax == 1) {
																					asm("int3");
																				}
																			}
																			if( *(__ebp - 0x488) != 0) {
																				L115:
																				goto L187;
																			} else {
																				L114:
																				 *((intOrPtr*)(L0040EC70(__ecx))) = 0x16;
																				__eax = E00411A50(__ebx, __ecx, __edi, __esi, L"(\"\'n\' format specifier disabled\", 0)", L"_woutput_s_l", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c", 0x695, 0);
																				 *(__ebp - 0x4cc) = 0xffffffff;
																				__ecx = __ebp - 0x40;
																				__eax = E0040D380(__ecx);
																				__eax =  *(__ebp - 0x4cc);
																				goto L225;
																			}
																		case 9:
																			L148:
																			 *(__ebp - 8) = 8;
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000080;
																			if(( *(__ebp - 0x10) & 0x00000080) != 0) {
																				 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000200;
																				 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000200;
																			}
																			goto L150;
																		case 0xa:
																			L142:
																			 *(__ebp - 0x30) = 8;
																			goto L143;
																		case 0xb:
																			L84:
																			if( *(__ebp - 0x30) != 0xffffffff) {
																				__edx =  *(__ebp - 0x30);
																				 *(__ebp - 0x4f0) =  *(__ebp - 0x30);
																			} else {
																				 *(__ebp - 0x4f0) = 0x7fffffff;
																			}
																			__eax =  *(__ebp - 0x4f0);
																			 *(__ebp - 0x47c) =  *(__ebp - 0x4f0);
																			__ecx = __ebp + 0x14;
																			 *(__ebp - 4) = E0041C290(__ebp + 0x14);
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000020;
																			if(( *(__ebp - 0x10) & 0x00000020) == 0) {
																				L98:
																				if( *(__ebp - 4) == 0) {
																					__ecx =  *0x60b4f4; // 0x407414
																					 *(__ebp - 4) = __ecx;
																				}
																				 *(__ebp - 0xc) = 1;
																				__edx =  *(__ebp - 4);
																				 *(__ebp - 0x480) =  *(__ebp - 4);
																				while(1) {
																					L101:
																					__eax =  *(__ebp - 0x47c);
																					__ecx =  *(__ebp - 0x47c);
																					__ecx =  *(__ebp - 0x47c) - 1;
																					 *(__ebp - 0x47c) = __ecx;
																					if( *(__ebp - 0x47c) == 0) {
																						break;
																					}
																					L102:
																					__edx =  *(__ebp - 0x480);
																					__eax =  *( *(__ebp - 0x480)) & 0x0000ffff;
																					if(( *( *(__ebp - 0x480)) & 0x0000ffff) == 0) {
																						break;
																					}
																					L103:
																					 *(__ebp - 0x480) =  *(__ebp - 0x480) + 2;
																					 *(__ebp - 0x480) =  *(__ebp - 0x480) + 2;
																				}
																				L104:
																				 *(__ebp - 0x480) =  *(__ebp - 0x480) -  *(__ebp - 4);
																				__edx =  *(__ebp - 0x480) -  *(__ebp - 4) >> 1;
																				 *(__ebp - 0x24) =  *(__ebp - 0x480) -  *(__ebp - 4) >> 1;
																				goto L105;
																			} else {
																				L88:
																				if( *(__ebp - 4) == 0) {
																					__eax =  *0x60b4f0; // 0x407424
																					 *(__ebp - 4) = __eax;
																				}
																				__ecx =  *(__ebp - 4);
																				 *(__ebp - 0x478) = __ecx;
																				 *(__ebp - 0x24) = 0;
																				while(1) {
																					L92:
																					__eax =  *(__ebp - 0x24);
																					if( *(__ebp - 0x24) >=  *(__ebp - 0x47c)) {
																						break;
																					}
																					L93:
																					__ecx =  *(__ebp - 0x478);
																					__edx =  *__ecx;
																					if( *__ecx == 0) {
																						break;
																					}
																					L94:
																					__ecx = __ebp - 0x40;
																					E0040D3B0(__ebp - 0x40) =  *(__ebp - 0x478);
																					__ecx =  *( *(__ebp - 0x478)) & 0x000000ff;
																					if(E00419390( *( *(__ebp - 0x478)) & 0x000000ff,  *(__ebp - 0x478)) != 0) {
																						 *(__ebp - 0x478) =  *(__ebp - 0x478) + 1;
																						 *(__ebp - 0x478) =  *(__ebp - 0x478) + 1;
																					}
																					 *(__ebp - 0x478) =  *(__ebp - 0x478) + 1;
																					 *(__ebp - 0x478) =  *(__ebp - 0x478) + 1;
																					 *(__ebp - 0x24) =  *(__ebp - 0x24) + 1;
																					 *(__ebp - 0x24) =  *(__ebp - 0x24) + 1;
																				}
																				L97:
																				L105:
																				goto L187;
																			}
																		case 0xc:
																			L141:
																			 *(__ebp - 8) = 0xa;
																			goto L150;
																		case 0xd:
																			L144:
																			 *((intOrPtr*)(__ebp - 0x460)) = 0x27;
																			L145:
																			 *(__ebp - 8) = 0x10;
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000080;
																			if(( *(__ebp - 0x10) & 0x00000080) != 0) {
																				__edx = 0x30;
																				 *((short*)(__ebp - 0x14)) = __dx;
																				 *((intOrPtr*)(__ebp - 0x460)) =  *((intOrPtr*)(__ebp - 0x460)) + 0x51;
																				 *(__ebp - 0x12) = __ax;
																				 *(__ebp - 0x1c) = 2;
																			}
																			goto L150;
																		case 0xe:
																			goto L187;
																	}
																}
															}
														}
													}
												}
											}
										}
									}
								}
							}
						}
					}
				}
			}

0x0042389b
0x0042389b
0x0042389b
0x0042389b
0x0042389b
0x0042389b
0x0042389b
0x004238a1
0x004238a4
0x00000000
0x00423922
0x00000000
0x00423922
0x00000000
0x00423922
0x00423922
0x0042392a
0x0042394c
0x00423952
0x00423977
0x004239be
0x004239c1
0x004239e2
0x004239e7
0x004239ec
0x004239f2
0x004239c3
0x004239c7
0x004239cc
0x004239cf
0x004239d0
0x004239d6
0x004239d6
0x00423979
0x0042397c
0x0042397f
0x004239a1
0x004239a6
0x004239ac
0x004239ad
0x004239b3
0x00423981
0x00423985
0x0042398a
0x0042398e
0x0042398f
0x00423995
0x00423995
0x004239b9
0x00423954
0x00423958
0x0042395d
0x00423960
0x00423966
0x00423966
0x0042392c
0x00423930
0x00423935
0x00423938
0x0042393e
0x0042393e
0x004239fe
0x00423a40
0x00423a46
0x00423a52
0x00000000
0x00423a00
0x00423a00
0x00423a00
0x00423a07
0x00000000
0x00423a14
0x00423a14
0x00423a22
0x00423a27
0x00423a2d
0x00423a3b
0x00423a58
0x00423a60
0x00423a82
0x00423a82
0x00423a8c
0x00423a9d
0x00423aa7
0x00423aa9
0x00423aa9
0x00423a8e
0x00423a8e
0x00423a8e
0x00423abc
0x00423abe
0x00423abe
0x00423acb
0x00423ace
0x00423ace
0x00423ad4
0x00423ad7
0x00423adc
0x00000000
0x00000000
0x00423aec
0x00423aef
0x00423af9
0x00423b08
0x00423b11
0x00423b27
0x00423b2d
0x00423b3a
0x00423b48
0x00423b48
0x00423b57
0x00423b5f
0x00423b5f
0x00423b67
0x00423b70
0x00423b79
0x00423b85
0x00423b9e
0x00423ba4
0x00423bad
0x00423bad
0x00000000
0x00423bb0
0x00000000
0x00423bb0
0x00000000
0x00423bb0
0x00000000
0x00423bb0
0x00000000
0x00423bb0
0x00000000
0x00423bb0
0x00000000
0x00423bb0
0x00423bb0
0x00423bb0
0x00423bb4
0x00423d90
0x00423d94
0x00423d9c
0x00423da1
0x00423da4
0x00423da4
0x00423dab
0x00423dab
0x00422f2b
0x00422f32
0x00422f3f
0x00422f44
0x00000000
0x00422f57
0x00422f61
0x00422f88
0x00422f6f
0x00422f80
0x00422f80
0x00422f61
0x00422f92
0x00422f98
0x00422fa4
0x00422fa7
0x00422fb5
0x00422fb8
0x00422fc5
0x0042306a
0x00423070
0x0042307d
0x00000000
0x00000000
0x00423083
0x00423089
0x00000000
0x00423090
0x00423090
0x004230aa
0x004230af
0x00000000
0x00000000
0x004230b7
0x004230b7
0x004230be
0x004230c1
0x004230c4
0x004230c7
0x004230ca
0x004230cd
0x004230d0
0x004230d7
0x004230de
0x00000000
0x00000000
0x004230ea
0x004230ea
0x004230f1
0x004230fd
0x00423100
0x0042310d
0x00000000
0x00000000
0x0042310f
0x00423115
0x00423115
0x0042311c
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00423160
0x00423160
0x0042316a
0x00423197
0x004231a1
0x004231a1
0x004231a5
0x0042316c
0x0042316c
0x00423178
0x0042317f
0x00423184
0x00423187
0x0042318a
0x0042318d
0x0042318f
0x0042318f
0x00423192
0x00000000
0x00000000
0x004231ad
0x004231ad
0x00000000
0x00000000
0x004231b9
0x004231b9
0x004231c3
0x004231e3
0x004231e6
0x004231f0
0x004231f0
0x004231f4
0x004231c5
0x004231c5
0x004231d1
0x004231d8
0x004231da
0x004231da
0x004231e1
0x00000000
0x00000000
0x004231fc
0x004231fc
0x00423203
0x0042320f
0x00423212
0x0042321f
0x00423332
0x00000000
0x00423332
0x00423225
0x0042322b
0x0042322b
0x00423232
0x00000000
0x00423269
0x00423269
0x0042326c
0x00423272
0x00423299
0x00423299
0x0042329c
0x004232a2
0x004232c6
0x004232c6
0x004232c9
0x004232cf
0x00423308
0x00423319
0x00000000
0x00423319
0x004232d1
0x004232d1
0x004232d4
0x004232da
0x00000000
0x00000000
0x004232dc
0x004232dc
0x004232df
0x004232e5
0x00000000
0x00000000
0x004232e7
0x004232e7
0x004232ea
0x004232f0
0x00000000
0x00000000
0x004232f2
0x004232f2
0x004232f5
0x004232fb
0x00000000
0x00000000
0x004232fd
0x004232fd
0x00423300
0x00423306
0x0042330a
0x00000000
0x0042330a
0x00000000
0x00423306
0x004232a4
0x004232a4
0x004232a7
0x004232ae
0x00000000
0x004232b0
0x004232b3
0x004232b6
0x004232bc
0x004232c1
0x00000000
0x004232c1
0x004232ae
0x00423274
0x00423274
0x00423277
0x0042327e
0x00000000
0x00423280
0x00423283
0x00423286
0x0042328c
0x00423291
0x00000000
0x00423291
0x00000000
0x0042331b
0x0042331b
0x0042331e
0x00423321
0x00000000
0x00000000
0x00423239
0x00423239
0x0042323c
0x00423242
0x0042325e
0x00423261
0x00423244
0x00423244
0x00423247
0x0042324a
0x00423250
0x00423256
0x00423256
0x00000000
0x00000000
0x00423326
0x00423329
0x0042332f
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00423139
0x00423139
0x0042313c
0x0042313f
0x00000000
0x00000000
0x00423144
0x00423147
0x0042314d
0x00000000
0x00000000
0x0042312e
0x00423131
0x00423134
0x00000000
0x00000000
0x00423123
0x00423126
0x00423129
0x00000000
0x00000000
0x00423152
0x00423155
0x00423158
0x00000000
0x00000000
0x0042315b
0x00000000
0x00000000
0x00422fcb
0x00422fcb
0x00422fcd
0x00422fdb
0x00422fcf
0x00422fcf
0x00422fcf
0x00422feb
0x00422ff8
0x00422ffa
0x00422fff
0x00423001
0x00423006
0x0042300b
0x0042300d
0x00423012
0x00423018
0x0042301a
0x0042301a
0x00423018
0x0042301b
0x00423022
0x00000000
0x00423024
0x00423029
0x00423045
0x0042304d
0x0042305a
0x0042305f
0x00423e74
0x00423e81
0x00423e81
0x00423022
0x00422fc5
0x00423db0
0x00423db7
0x00423dce
0x00423dc2
0x00423dc2
0x00423dc2
0x00423dd8
0x00423dde
0x00423deb
0x00423ded
0x00423df2
0x00423df4
0x00423df9
0x00423dfe
0x00423e00
0x00423e05
0x00423e0b
0x00423e0d
0x00423e0d
0x00423e0b
0x00423e15
0x00423e60
0x00423e69
0x00423e6e
0x00423e17
0x00423e1c
0x00423e38
0x00423e40
0x00423e4d
0x00423e52
0x00423e52
0x00000000
0x00423e15
0x00423bba
0x00423bc0
0x00423bca
0x00423be4
0x00423bfe
0x00423c05
0x00423c09
0x00423c09
0x00423be6
0x00423beb
0x00423bef
0x00423bef
0x00423bcc
0x00423bd1
0x00423bd5
0x00423bd5
0x00423bca
0x00423c19
0x00423c25
0x00423c3b
0x00423c40
0x00423c40
0x00423c56
0x00423c5b
0x00423c64
0x00423c82
0x00423c87
0x00423c87
0x00423c8e
0x00423d48
0x00423d5b
0x00423d60
0x00000000
0x00423c9e
0x00423c9e
0x00423ca1
0x00423caa
0x00423cb0
0x00423cb0
0x00423cbf
0x00423cc7
0x00000000
0x00000000
0x00423cc9
0x00423ccc
0x00423cf1
0x00423cf6
0x00423cf9
0x00423d06
0x00423d14
0x00423d27
0x00423d2c
0x00423d3b
0x00000000
0x00423d3b
0x00423d08
0x00423d08
0x00000000
0x00423d08
0x00423d46
0x00423d63
0x00423d6a
0x00423d88
0x00423d8d
0x00423d8d
0x00000000
0x00423d6a
0x00423337
0x00423337
0x0042333e
0x00423344
0x0042334a
0x0042334d
0x00423353
0x00423360
0x00423366
0x00423366
0x0042336d
0x00000000
0x004236f1
0x004236f1
0x004236ff
0x00423702
0x00000000
0x00000000
0x00423374
0x00423377
0x0042337d
0x00423382
0x00423385
0x00423385
0x00000000
0x00000000
0x004234ba
0x004234bd
0x004234c2
0x004234c7
0x004234ca
0x004234ca
0x00000000
0x00000000
0x004238bd
0x004238bd
0x00000000
0x00000000
0x00423424
0x00423424
0x00423430
0x0042343d
0x0042344b
0x0042344b
0x00423451
0x00423454
0x00423460
0x004234b5
0x00000000
0x004234b5
0x0042343f
0x0042343f
0x00423449
0x00423465
0x00423468
0x0042346e
0x00423496
0x0042349d
0x004234a3
0x004234a6
0x004234a9
0x004234af
0x004234b2
0x00423470
0x00423470
0x00423476
0x00423479
0x0042347c
0x00423482
0x00423485
0x00423488
0x0042348a
0x0042348d
0x0042348d
0x00000000
0x0042346e
0x00000000
0x00000000
0x00423709
0x0042370c
0x0042370f
0x00423712
0x00423718
0x0042371b
0x00423726
0x00423731
0x00423735
0x0042374c
0x00423753
0x00423755
0x00423755
0x0042375c
0x00423763
0x00423771
0x00423774
0x00423783
0x0042378a
0x0042379f
0x0042378c
0x0042378c
0x0042378f
0x00423795
0x0042379a
0x0042379a
0x0042378a
0x004237a9
0x004237ac
0x004237af
0x004237b2
0x004237b5
0x004237b8
0x004237be
0x004237c4
0x004237cc
0x004237cd
0x004237d0
0x004237d1
0x004237d4
0x004237d5
0x004237dc
0x004237dd
0x004237e0
0x004237e1
0x004237e4
0x004237e5
0x004237eb
0x004237ec
0x004237fb
0x004237fd
0x00423803
0x00423808
0x00423810
0x00423818
0x00423819
0x0042381c
0x0042381d
0x0042382c
0x0042382e
0x0042382e
0x00423831
0x0042383b
0x00423840
0x00423846
0x00423848
0x00423850
0x00423851
0x00423854
0x00423855
0x00423863
0x00423865
0x00423865
0x00423846
0x00423868
0x0042386b
0x00423871
0x00423876
0x0042387b
0x00423881
0x00423884
0x00423884
0x00423887
0x00423893
0x00000000
0x00423893
0x00423737
0x00423737
0x00423741
0x00000000
0x00000000
0x00423743
0x00423743
0x00000000
0x00423743
0x00423728
0x00423728
0x00000000
0x00000000
0x00423388
0x00423388
0x00423393
0x0042339b
0x004233a2
0x004233a5
0x004233a8
0x00423408
0x004233aa
0x004233b1
0x004233b7
0x004233bd
0x004233c4
0x004233c7
0x004233cd
0x004233d5
0x004233d7
0x004233de
0x004233e5
0x004233f6
0x004233f8
0x004233f8
0x004233ff
0x0042340f
0x00423415
0x00423418
0x00000000
0x00000000
0x00000000
0x00000000
0x004235fa
0x004235fa
0x00423606
0x00423613
0x004236bd
0x004236bd
0x004236c0
0x004236c3
0x004236d7
0x004236dd
0x004236e3
0x004236c5
0x004236c5
0x004236cb
0x004236d2
0x004236d2
0x004236e5
0x00000000
0x004236e5
0x00423619
0x00423619
0x0042361b
0x00423629
0x0042361d
0x0042361d
0x0042361d
0x00423633
0x00423639
0x00423646
0x00423648
0x0042364d
0x0042364f
0x00423654
0x00423659
0x0042365b
0x00423660
0x00423666
0x00423668
0x00423668
0x00423666
0x00423670
0x004236b8
0x00000000
0x00423672
0x00423672
0x00423677
0x00423693
0x0042369b
0x004236a5
0x004236a8
0x004236ad
0x00000000
0x004236ad
0x00000000
0x00423904
0x00423904
0x0042390e
0x00423914
0x00423919
0x0042391f
0x0042391f
0x00000000
0x00000000
0x004238b6
0x004238b6
0x00000000
0x00000000
0x004234cd
0x004234d1
0x004234df
0x004234e2
0x004234d3
0x004234d3
0x004234d3
0x004234e8
0x004234ee
0x004234f4
0x00423500
0x00423506
0x00423509
0x00423591
0x00423595
0x00423597
0x0042359d
0x0042359d
0x004235a0
0x004235a7
0x004235aa
0x004235b0
0x004235b0
0x004235b0
0x004235b6
0x004235bc
0x004235bf
0x004235c7
0x00000000
0x00000000
0x004235c9
0x004235c9
0x004235cf
0x004235d4
0x00000000
0x00000000
0x004235d6
0x004235dc
0x004235df
0x004235df
0x004235e7
0x004235ed
0x004235f0
0x004235f2
0x00000000
0x0042350f
0x0042350f
0x00423513
0x00423515
0x0042351a
0x0042351a
0x0042351d
0x00423520
0x00423526
0x00423538
0x00423538
0x00423538
0x00423541
0x00000000
0x00000000
0x00423543
0x00423543
0x00423549
0x0042354e
0x00000000
0x00000000
0x00423550
0x00423550
0x00423559
0x0042355f
0x0042356d
0x00423575
0x00423578
0x00423578
0x00423584
0x00423587
0x00423532
0x00423535
0x00423535
0x0042358f
0x004235f5
0x00000000
0x004235f5
0x00000000
0x004238ad
0x004238ad
0x00000000
0x00000000
0x004238c9
0x004238c9
0x004238d3
0x004238d3
0x004238dd
0x004238e3
0x004238e5
0x004238ea
0x004238f4
0x004238f7
0x004238fb
0x004238fb
0x00000000
0x00000000
0x00000000
0x00000000
0x0042336d
0x00423bb0
0x00423bb0
0x00423bb0
0x00423bb0
0x00423bb0
0x00423bb0
0x00423bb0
0x00423a07
0x004239fe
0x00423922
0x00423922
0x00423922

APIs

_get_int64_arg.LIBCMTD ref: 00423930
_get_int64_arg.LIBCMTD ref: 00423958
__aullrem.LIBCMT ref: 00423B00
__aulldiv.LIBCMT ref: 00423B22
_write_multi_char.LIBCMTD ref: 00423C3B
_write_string.LIBCMTD ref: 00423C56
_write_multi_char.LIBCMTD ref: 00423C82
__mbtowc_l.LIBCMTD ref: 00423CF1

Strings

9, xrefs: 00423B33
f:\dd\vctools\crt_bld\self_x86\crt\src\output.c, xrefs: 00423006, 00423036
_woutput_s_l, xrefs: 0042303B
("Incorrect format specifier", 0), xrefs: 00422FFA, 00423040

Memory Dump Source

Source File: 00000000.00000002.254379313.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.254298173.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.254460883.0000000000427000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255654257.000000000060A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255687103.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255765961.0000000000635000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_mzQcZawXvh.jbxd

Similarity

API ID: _get_int64_arg_write_multi_char$__aulldiv__aullrem__mbtowc_l_write_string
String ID: ("Incorrect format specifier", 0)$9$_woutput_s_l$f:\dd\vctools\crt_bld\self_x86\crt\src\output.c
API String ID: 3455034128-2408376751
Opcode ID: 6f2a798db55e4a7cf6209d4ba5a920d7c5354e6626bcc809b6feb83814e459b9
Instruction ID: c187653df57bb1a9f465db3ba75020c3650336f8aded395c2ef10ecf92f4a372
Opcode Fuzzy Hash: 6f2a798db55e4a7cf6209d4ba5a920d7c5354e6626bcc809b6feb83814e459b9
Instruction Fuzzy Hash: FAF17CB1E002299FDB24CF48DC81BAEB7B1BF85305F5441EAE249A7241D7389E84CF59

Uniqueness

Uniqueness Score: -1.00%

Function 00409B30 Relevance: 33.3, APIs: 14, Strings: 5, Instructions: 75
timepipethreadCOMMON

Download Yara Rule

C-Code - Quality: 73%

			E00409B30(intOrPtr _a4) {
				struct _DCB _v28;
				struct _COMMTIMEOUTS _v48;
				long _v60;
				intOrPtr _t12;
				intOrPtr _t14;
				void** _t33;

				if( *0x6328e4 == 0x37) {
					_v48.ReadTotalTimeoutMultiplier = 0;
					_v48.ReadTotalTimeoutConstant = 0;
					_v48.WriteTotalTimeoutMultiplier = 0;
					_v48.WriteTotalTimeoutConstant = 0;
					_v48.ReadIntervalTimeout = 0;
					BuildCommDCBAndTimeoutsW(L"cefucah zugukuleyevalecuf coyefafipalicozexayuluyegefu tazugisipeb zewavutibobakezawuhaxu",  &_v28,  &_v48);
					GetDriveTypeA("pihevaxoduyuro");
					CallNamedPipeW(0, 0, 0, 0, 0, 0, 0);
					GetThreadPriority(0);
					GlobalDeleteAtom(0);
					FindAtomW(L"Johufiyonu");
					__imp__SetComputerNameExW(0, L"sesujucuyeritaliji");
					WriteConsoleInputA(0, 0, 0,  &_v60);
					GetWriteWatch(0, 0, 0, 0, 0, 0);
					__imp__FindNextVolumeMountPointA(0, 0, 0);
					__imp__CreateTimerQueue();
					FreeEnvironmentStringsW(0);
					WritePrivateProfileStructA(0, 0, 0, 0, 0);
					EscapeCommFunction(0, 0);
				}
				 *_t33 = 0;
				_t12 =  *0x6328e8; // 0x423c7a
				 *_t33 =  *_t33 + _t12;
				 *_t33 =  *_t33 + 0x38d6;
				_t14 = _a4;
				 *((char*)( *0x615d40 + _t14)) =  *((intOrPtr*)( *_t33 + _t14));
				return _t14;
			}

0x00409b3a
0x00409b42
0x00409b46
0x00409b4a
0x00409b4e
0x00409b61
0x00409b69
0x00409b74
0x00409b88
0x00409b90
0x00409b98
0x00409ba3
0x00409bb0
0x00409bc1
0x00409bd3
0x00409bdf
0x00409be5
0x00409bed
0x00409bfd
0x00409c07
0x00409c07
0x00409c0d
0x00409c14
0x00409c19
0x00409c21
0x00409c27
0x00409c34
0x00409c3a

APIs

BuildCommDCBAndTimeoutsW.KERNEL32 ref: 00409B69
GetDriveTypeA.KERNEL32(pihevaxoduyuro), ref: 00409B74
CallNamedPipeW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00409B88
GetThreadPriority.KERNEL32(00000000), ref: 00409B90
GlobalDeleteAtom.KERNEL32(00000000), ref: 00409B98
FindAtomW.KERNEL32(Johufiyonu), ref: 00409BA3
SetComputerNameExW.KERNEL32(00000000,sesujucuyeritaliji), ref: 00409BB0
WriteConsoleInputA.KERNEL32(00000000,00000000,00000000,?), ref: 00409BC1
GetWriteWatch.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 00409BD3
FindNextVolumeMountPointA.KERNEL32(00000000,00000000,00000000), ref: 00409BDF
CreateTimerQueue.KERNEL32 ref: 00409BE5
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00409BED
WritePrivateProfileStructA.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00409BFD
EscapeCommFunction.KERNEL32(00000000,00000000), ref: 00409C07

Strings

cefucah zugukuleyevalecuf coyefafipalicozexayuluyegefu tazugisipeb zewavutibobakezawuhaxu, xrefs: 00409B5C
Johufiyonu, xrefs: 00409B9E
sesujucuyeritaliji, xrefs: 00409BA9
z<B, xrefs: 00409C14
pihevaxoduyuro, xrefs: 00409B6F

Memory Dump Source

Source File: 00000000.00000002.254379313.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.254298173.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.254460883.0000000000427000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255654257.000000000060A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255687103.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255765961.0000000000635000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_mzQcZawXvh.jbxd

Similarity

API ID: Write$AtomCommFind$BuildCallComputerConsoleCreateDeleteDriveEnvironmentEscapeFreeFunctionGlobalInputMountNameNamedNextPipePointPriorityPrivateProfileQueueStringsStructThreadTimeoutsTimerTypeVolumeWatch
String ID: Johufiyonu$cefucah zugukuleyevalecuf coyefafipalicozexayuluyegefu tazugisipeb zewavutibobakezawuhaxu$pihevaxoduyuro$sesujucuyeritaliji$z<B
API String ID: 293722815-4125814950
Opcode ID: 26c43a98229c97212bd180767575e2d4bc9e5ec4421956c4e24a202d83c2b1b6
Instruction ID: a8fb35be1fb3c2411ff09792b467be962dccc43bc3f5e42330bd6c9e555d6447
Opcode Fuzzy Hash: 26c43a98229c97212bd180767575e2d4bc9e5ec4421956c4e24a202d83c2b1b6
Instruction Fuzzy Hash: CF211F35648341EFE340AFA4EE49B597BB0BB48B02F104429F7CAE55F1D6B05484CB6A

Uniqueness

Uniqueness Score: -1.00%

Function 0041DB63 Relevance: 33.3, APIs: 22, Instructions: 296
COMMON

Download Yara Rule

C-Code - Quality: 98%

			E0041DB63(void* __ebx, void* __edi, void* __esi) {
				intOrPtr* _t143;
				signed int* _t145;
				int _t150;
				intOrPtr* _t167;
				intOrPtr _t189;
				void* _t206;
				intOrPtr _t223;
				intOrPtr _t230;
				void* _t272;
				void* _t273;
				signed int _t274;

				_t273 = __esi;
				_t272 = __edi;
				_t206 = __ebx;
				if( *(_t274 + 8) == 0) {
					_t143 = E0040D3B0(_t274 - 0x20);
					_t208 =  *_t143;
					if( *((intOrPtr*)( *_t143 + 0x14)) != 0) {
						_t210 = _t274 - 0x20;
						_t145 = E0040D3B0(_t274 - 0x20);
						_t256 =  *_t145;
						 *(_t274 - 4) = WideCharToMultiByte( *( *_t145 + 4), 0,  *(_t274 + 0xc), 0xffffffff, 0, 0, 0, _t274 - 0x10);
						if( *(_t274 - 4) == 0 ||  *(_t274 - 0x10) != 0) {
							 *((intOrPtr*)(L0040EC70(_t210))) = 0x2a;
							 *(_t274 - 0x68) = 0xffffffff;
							E0040D380(_t274 - 0x20);
							_t150 =  *(_t274 - 0x68);
						} else {
							 *(_t274 - 0x6c) =  *(_t274 - 4) - 1;
							E0040D380(_t274 - 0x20);
							_t150 =  *(_t274 - 0x6c);
						}
					} else {
						_t256 =  *(_t274 + 0xc);
						 *(_t274 - 0x64) = E00418B40(_t208,  *(_t274 + 0xc));
						E0040D380(_t274 - 0x20);
						_t150 =  *(_t274 - 0x64);
					}
					L47:
					return E00416CA0(_t150, _t206,  *(_t274 - 0x24) ^ _t274, _t256, _t272, _t273);
				}
				if( *((intOrPtr*)( *((intOrPtr*)(E0040D3B0(_t274 - 0x20))) + 0x14)) != 0) {
					if( *((intOrPtr*)( *((intOrPtr*)(E0040D3B0(_t274 - 0x20))) + 0xac)) != 1) {
						_t223 =  *((intOrPtr*)(E0040D3B0(_t274 - 0x20)));
						_t256 =  *(_t223 + 4);
						 *(_t274 - 4) = WideCharToMultiByte( *(_t223 + 4), 0,  *(_t274 + 0xc), 0xffffffff,  *(_t274 + 8),  *(_t274 + 0x10), 0, _t274 - 0x10);
						if( *(_t274 - 4) == 0 ||  *(_t274 - 0x10) != 0) {
							if( *(_t274 - 0x10) != 0 || GetLastError() != 0x7a) {
								 *((intOrPtr*)(L0040EC70(_t223))) = 0x2a;
								 *(_t274 - 0x4c) = 0xffffffff;
								E0040D380(_t274 - 0x20);
								_t150 =  *(_t274 - 0x4c);
							} else {
								while( *(_t274 - 4) <  *(_t274 + 0x10)) {
									_t167 = E0040D3B0(_t274 - 0x20);
									_t230 =  *((intOrPtr*)(E0040D3B0(_t274 - 0x20)));
									_t256 =  *(_t230 + 4);
									 *((intOrPtr*)(_t274 - 0xc)) = WideCharToMultiByte( *(_t230 + 4), 0,  *(_t274 + 0xc), 1, _t274 - 0x2c,  *( *_t167 + 0xac), 0, _t274 - 0x10);
									if( *((intOrPtr*)(_t274 - 0xc)) == 0 ||  *(_t274 - 0x10) != 0) {
										 *((intOrPtr*)(L0040EC70(_t230))) = 0x2a;
										 *(_t274 - 0x50) = 0xffffffff;
										E0040D380(_t274 - 0x20);
										_t150 =  *(_t274 - 0x50);
									} else {
										if( *((intOrPtr*)(_t274 - 0xc)) < 0 ||  *((intOrPtr*)(_t274 - 0xc)) > 5) {
											 *((intOrPtr*)(L0040EC70(_t230))) = 0x2a;
											 *(_t274 - 0x54) = 0xffffffff;
											E0040D380(_t274 - 0x20);
											_t150 =  *(_t274 - 0x54);
										} else {
											if( *(_t274 - 4) +  *((intOrPtr*)(_t274 - 0xc)) <=  *(_t274 + 0x10)) {
												 *(_t274 - 8) = 0;
												while( *(_t274 - 8) <  *((intOrPtr*)(_t274 - 0xc))) {
													( *(_t274 + 8))[ *(_t274 - 4)] =  *((intOrPtr*)(_t274 +  *(_t274 - 8) - 0x2c));
													_t256 =  &(( *(_t274 + 8))[ *(_t274 - 4)]);
													if(( *(_t274 + 8))[ *(_t274 - 4)] != 0) {
														 *(_t274 - 8) =  *(_t274 - 8) + 1;
														 *(_t274 - 4) =  *(_t274 - 4) + 1;
														continue;
													}
													 *(_t274 - 0x5c) =  *(_t274 - 4);
													E0040D380(_t274 - 0x20);
													_t150 =  *(_t274 - 0x5c);
													goto L47;
												}
												_t256 =  &(( *(_t274 + 0xc))[1]);
												 *(_t274 + 0xc) =  &(( *(_t274 + 0xc))[1]);
												continue;
											}
											 *(_t274 - 0x58) =  *(_t274 - 4);
											E0040D380(_t274 - 0x20);
											_t150 =  *(_t274 - 0x58);
										}
									}
									goto L47;
								}
								 *(_t274 - 0x60) =  *(_t274 - 4);
								E0040D380(_t274 - 0x20);
								_t150 =  *(_t274 - 0x60);
							}
						} else {
							 *(_t274 - 0x48) =  *(_t274 - 4) - 1;
							E0040D380(_t274 - 0x20);
							_t150 =  *(_t274 - 0x48);
						}
						goto L47;
					}
					if( *(_t274 + 0x10) > 0) {
						 *(_t274 + 0x10) = E0041DF50( *(_t274 + 0xc),  *(_t274 + 0x10));
					}
					_t256 =  *(_t274 + 0xc);
					_t189 =  *((intOrPtr*)(E0040D3B0(_t274 - 0x20)));
					_t243 =  *(_t189 + 4);
					 *(_t274 - 4) = WideCharToMultiByte( *(_t189 + 4), 0,  *(_t274 + 0xc),  *(_t274 + 0x10),  *(_t274 + 8),  *(_t274 + 0x10), 0, _t274 - 0x10);
					if( *(_t274 - 4) == 0 ||  *(_t274 - 0x10) != 0) {
						 *((intOrPtr*)(L0040EC70(_t243))) = 0x2a;
						 *(_t274 - 0x44) = 0xffffffff;
						E0040D380(_t274 - 0x20);
						_t150 =  *(_t274 - 0x44);
					} else {
						if( *((char*)( &(( *(_t274 + 8))[ *(_t274 - 4)]) - 1)) == 0) {
							 *(_t274 - 4) =  *(_t274 - 4) - 1;
						}
						_t256 =  *(_t274 - 4);
						 *(_t274 - 0x40) =  *(_t274 - 4);
						E0040D380(_t274 - 0x20);
						_t150 =  *(_t274 - 0x40);
					}
					goto L47;
				} else {
					goto L2;
				}
				while(1) {
					L2:
					_t248 =  *(_t274 - 4);
					if( *(_t274 - 4) >=  *(_t274 + 0x10)) {
						break;
					}
					_t256 =  *(_t274 + 0xc);
					if(( *( *(_t274 + 0xc)) & 0x0000ffff) <= 0xff) {
						( *(_t274 + 8))[ *(_t274 - 4)] =  *( *(_t274 + 0xc));
						_t256 =  *( *(_t274 + 0xc)) & 0x0000ffff;
						 *(_t274 + 0xc) =  &(( *(_t274 + 0xc))[1]);
						if(( *( *(_t274 + 0xc)) & 0x0000ffff) != 0) {
							_t256 =  *(_t274 - 4) + 1;
							 *(_t274 - 4) =  *(_t274 - 4) + 1;
							continue;
						}
						 *(_t274 - 0x38) =  *(_t274 - 4);
						E0040D380(_t274 - 0x20);
						_t150 =  *(_t274 - 0x38);
					} else {
						 *((intOrPtr*)(L0040EC70(_t248))) = 0x2a;
						 *(_t274 - 0x34) = 0xffffffff;
						E0040D380(_t274 - 0x20);
						_t150 =  *(_t274 - 0x34);
					}
					goto L47;
				}
				 *(_t274 - 0x3c) =  *(_t274 - 4);
				E0040D380(_t274 - 0x20);
				_t150 =  *(_t274 - 0x3c);
				goto L47;
			}

0x0041db63
0x0041db63
0x0041db63
0x0041db67
0x0041de9e
0x0041dea3
0x0041dea9
0x0041dedb
0x0041dede
0x0041dee3
0x0041deef
0x0041def6
0x0041df03
0x0041df09
0x0041df13
0x0041df18
0x0041df1d
0x0041df23
0x0041df29
0x0041df2e
0x0041df2e
0x0041deab
0x0041deab
0x0041deb7
0x0041debd
0x0041dec2
0x0041dec2
0x0041df3b
0x0041df48
0x0041df48
0x0041db7b
0x0041dc25
0x0041dcf1
0x0041dcf3
0x0041dcfd
0x0041dd04
0x0041dd29
0x0041dd3b
0x0041dd41
0x0041dd4b
0x0041dd50
0x0041dd58
0x0041dd58
0x0041dd6d
0x0041dd8f
0x0041dd91
0x0041dd9b
0x0041dda2
0x0041ddaf
0x0041ddb5
0x0041ddbf
0x0041ddc4
0x0041ddcc
0x0041ddd0
0x0041dddd
0x0041dde3
0x0041dded
0x0041ddf2
0x0041ddfa
0x0041de03
0x0041de1b
0x0041de36
0x0041de4b
0x0041de50
0x0041de58
0x0041de2a
0x0041de33
0x00000000
0x0041de33
0x0041de5d
0x0041de63
0x0041de68
0x00000000
0x0041de68
0x0041de75
0x0041de78
0x00000000
0x0041de78
0x0041de08
0x0041de0e
0x0041de13
0x0041de13
0x0041ddd0
0x00000000
0x0041dda2
0x0041de83
0x0041de89
0x0041de8e
0x0041de8e
0x0041dd0c
0x0041dd12
0x0041dd18
0x0041dd1d
0x0041dd1d
0x00000000
0x0041dd04
0x0041dc2f
0x0041dc41
0x0041dc41
0x0041dc56
0x0041dc64
0x0041dc66
0x0041dc70
0x0041dc77
0x0041dcb1
0x0041dcb7
0x0041dcc1
0x0041dcc6
0x0041dc7f
0x0041dc8b
0x0041dc93
0x0041dc93
0x0041dc96
0x0041dc99
0x0041dc9f
0x0041dca4
0x0041dca4
0x00000000
0x00000000
0x00000000
0x00000000
0x0041db81
0x0041db81
0x0041db81
0x0041db87
0x00000000
0x00000000
0x0041db89
0x0041db94
0x0041dbc3
0x0041dbc8
0x0041dbd1
0x0041dbd6
0x0041dbf1
0x0041dbf4
0x00000000
0x0041dbf4
0x0041dbdb
0x0041dbe1
0x0041dbe6
0x0041db96
0x0041db9b
0x0041dba1
0x0041dbab
0x0041dbb0
0x0041dbb0
0x00000000
0x0041db94
0x0041dbfc
0x0041dc02
0x0041dc07
0x00000000

APIs

_LocaleUpdate::~_LocaleUpdate.LIBCMTD ref: 0041DBAB
_LocaleUpdate::~_LocaleUpdate.LIBCMTD ref: 0041DBE1
_LocaleUpdate::~_LocaleUpdate.LIBCMTD ref: 0041DC02
wcsncnt.LIBCMTD ref: 0041DC39
WideCharToMultiByte.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 0041DC6A
_LocaleUpdate::~_LocaleUpdate.LIBCMTD ref: 0041DC9F
_wcslen.LIBCMTD ref: 0041DEAF
_LocaleUpdate::~_LocaleUpdate.LIBCMTD ref: 0041DEBD

Memory Dump Source

Source File: 00000000.00000002.254379313.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.254298173.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.254460883.0000000000427000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255654257.000000000060A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255687103.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255765961.0000000000635000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_mzQcZawXvh.jbxd

Similarity

API ID: Locale$UpdateUpdate::~_$ByteCharMultiWide_wcslenwcsncnt
String ID:
API String ID: 4277434810-0
Opcode ID: dea9e2beb4e0d80b4cb8887b6ce4d8c909745e96bfec91943787277cc423218e
Instruction ID: de2b87b64d129ef9f79e6306887f4dc3efd560aa30a83e94199d6f00b94e77c0
Opcode Fuzzy Hash: dea9e2beb4e0d80b4cb8887b6ce4d8c909745e96bfec91943787277cc423218e
Instruction Fuzzy Hash: 19D11EB1D00208EFCF08DF94C995AEEB771FF55314F10816AE5126B2A0D738AE85DB95

Uniqueness

Uniqueness Score: -1.00%

Function 0040C335 Relevance: 30.0, APIs: 6, Strings: 11, Instructions: 264memoryCOMMON

Download Yara Rule

APIs

_CheckBytes.LIBCMTD ref: 0040C349
__CrtIsValidHeapPointer.LIBCMTD ref: 0040C3D5
_CheckBytes.LIBCMTD ref: 0040C480
_CheckBytes.LIBCMTD ref: 0040C53A
_memset.LIBCMT ref: 0040C631
__free_base.LIBCMTD ref: 0040C63D

Strings

pHead->nLine == IGNORE_LINE && pHead->lRequest == IGNORE_REQ, xrefs: 0040C5FA
_CrtIsValidHeapPointer(pUserData), xrefs: 0040C3E1
HEAP CORRUPTION DETECTED: before %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory before start of heap buffer.Memory allocated at %hs(%d)., xrefs: 0040C4C9
f:\dd\vctools\crt_bld\self_x86\crt\src\dbgheap.c, xrefs: 0040C3ED, 0040C44B, 0040C606
tDj, xrefs: 0040C38B
HEAP CORRUPTION DETECTED: after %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory after end of heap buffer., xrefs: 0040C5C1
The Block at 0x%p was allocated by aligned routines, use _aligned_free(), xrefs: 0040C359
HEAP CORRUPTION DETECTED: before %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory before start of heap buffer., xrefs: 0040C507
Client hook free failure., xrefs: 0040C3AC
_BLOCK_TYPE_IS_VALID(pHead->nBlockUse), xrefs: 0040C43F
HEAP CORRUPTION DETECTED: after %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory after end of heap buffer.Memory allocated at %hs(%d)., xrefs: 0040C583

Memory Dump Source

Source File: 00000000.00000002.254379313.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.254298173.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.254460883.0000000000427000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255654257.000000000060A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255687103.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255765961.0000000000635000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_mzQcZawXvh.jbxd

Similarity

API ID: BytesCheck$HeapPointerValid__free_base_memset
String ID: Client hook free failure.$HEAP CORRUPTION DETECTED: after %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory after end of heap buffer.$HEAP CORRUPTION DETECTED: after %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory after end of heap buffer.Memory allocated at %hs(%d).$HEAP CORRUPTION DETECTED: before %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory before start of heap buffer.$HEAP CORRUPTION DETECTED: before %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory before start of heap buffer.Memory allocated at %hs(%d).$The Block at 0x%p was allocated by aligned routines, use _aligned_free()$_BLOCK_TYPE_IS_VALID(pHead->nBlockUse)$_CrtIsValidHeapPointer(pUserData)$f:\dd\vctools\crt_bld\self_x86\crt\src\dbgheap.c$pHead->nLine == IGNORE_LINE && pHead->lRequest == IGNORE_REQ$tDj
API String ID: 25084783-3417358119
Opcode ID: fbe4c74e015f64c54af3eb90b61c0f23deadd203539db0b0d2051a21d28a637e
Instruction ID: cbe3cb26be786207528841e0087c9d635405288c5bca30eaf78aa0bd5529aeaa
Opcode Fuzzy Hash: fbe4c74e015f64c54af3eb90b61c0f23deadd203539db0b0d2051a21d28a637e
Instruction Fuzzy Hash: C391A374A40204FBEB24CB44DE82F6A7376AB48704F344269F504BB2C6D2B9FE51DA5D

Uniqueness

Uniqueness Score: -1.00%

Function 00421D57 Relevance: 28.2, APIs: 11, Strings: 5, Instructions: 241
COMMON

Download Yara Rule

C-Code - Quality: 65%

			E00421D57(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int* _t494;
				signed int _t502;
				void* _t507;
				signed int _t509;
				void* _t529;
				signed int _t547;
				void* _t558;
				signed int _t567;
				void* _t625;
				void* _t626;
				signed int _t627;
				void* _t629;
				void* _t630;

				L0:
				while(1) {
					L0:
					_t626 = __esi;
					_t625 = __edi;
					_t558 = __ebx;
					_t494 = E0041C290(_t627 + 0x14);
					_t630 = _t629 + 4;
					 *(_t627 - 0x298) = _t494;
					if(E00420F80() != 0) {
						goto L118;
					}
					L109:
					__edx = 0;
					if(0 == 0) {
						 *(__ebp - 0x32c) = 0;
					} else {
						 *(__ebp - 0x32c) = 1;
					}
					__eax =  *(__ebp - 0x32c);
					 *(__ebp - 0x29c) =  *(__ebp - 0x32c);
					if( *(__ebp - 0x29c) == 0) {
						_push(L"(\"\'n\' format specifier disabled\", 0)");
						_push(0);
						_push(0x695);
						_push(L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c");
						_push(2);
						__eax = L0040E1A0();
						__esp = __esp + 0x14;
						if(__eax == 1) {
							asm("int3");
						}
					}
					if( *(__ebp - 0x29c) != 0) {
						L117:
						while(1) {
							L190:
							if( *(_t627 - 0x28) != 0) {
								goto L216;
							}
							L191:
							if(( *(_t627 - 0x10) & 0x00000040) != 0) {
								if(( *(_t627 - 0x10) & 0x00000100) == 0) {
									if(( *(_t627 - 0x10) & 0x00000001) == 0) {
										if(( *(_t627 - 0x10) & 0x00000002) != 0) {
											 *((char*)(_t627 - 0x14)) = 0x20;
											 *(_t627 - 0x1c) = 1;
										}
									} else {
										 *((char*)(_t627 - 0x14)) = 0x2b;
										 *(_t627 - 0x1c) = 1;
									}
								} else {
									 *((char*)(_t627 - 0x14)) = 0x2d;
									 *(_t627 - 0x1c) = 1;
								}
							}
							 *((intOrPtr*)(_t627 - 0x2c4)) =  *((intOrPtr*)(_t627 - 0x18)) -  *(_t627 - 0x24) -  *(_t627 - 0x1c);
							if(( *(_t627 - 0x10) & 0x0000000c) == 0) {
								E00422790(0x20,  *((intOrPtr*)(_t627 - 0x2c4)),  *((intOrPtr*)(_t627 + 8)), _t627 - 0x24c);
								_t630 = _t630 + 0x10;
							}
							E004227D0( *(_t627 - 0x1c), _t627 - 0x14,  *(_t627 - 0x1c),  *((intOrPtr*)(_t627 + 8)), _t627 - 0x24c);
							_t630 = _t630 + 0x10;
							if(( *(_t627 - 0x10) & 0x00000008) != 0) {
								if(( *(_t627 - 0x10) & 0x00000004) == 0) {
									E00422790(0x30,  *((intOrPtr*)(_t627 - 0x2c4)),  *((intOrPtr*)(_t627 + 8)), _t627 - 0x24c);
									_t630 = _t630 + 0x10;
								}
							}
							if( *(_t627 - 0xc) == 0) {
								L212:
								E004227D0( *((intOrPtr*)(_t627 - 4)),  *((intOrPtr*)(_t627 - 4)),  *(_t627 - 0x24),  *((intOrPtr*)(_t627 + 8)), _t627 - 0x24c);
								_t630 = _t630 + 0x10;
								goto L213;
							} else {
								L204:
								if( *(_t627 - 0x24) <= 0) {
									goto L212;
								}
								L205:
								 *(_t627 - 0x2dc) = 0;
								 *((intOrPtr*)(_t627 - 0x2c8)) =  *((intOrPtr*)(_t627 - 4));
								 *(_t627 - 0x2cc) =  *(_t627 - 0x24);
								while(1) {
									L206:
									 *(_t627 - 0x2cc) =  *(_t627 - 0x2cc) - 1;
									if( *(_t627 - 0x2cc) == 0) {
										break;
									}
									L207:
									 *(_t627 - 0x32e) =  *((intOrPtr*)( *((intOrPtr*)(_t627 - 0x2c8))));
									_t547 = E004212A0(_t627 - 0x2d0, _t627 - 0x2d8, 6,  *(_t627 - 0x32e) & 0x0000ffff);
									_t630 = _t630 + 0x10;
									 *(_t627 - 0x2dc) = _t547;
									 *((intOrPtr*)(_t627 - 0x2c8)) =  *((intOrPtr*)(_t627 - 0x2c8)) + 2;
									if( *(_t627 - 0x2dc) != 0) {
										L209:
										 *(_t627 - 0x24c) = 0xffffffff;
										break;
									}
									L208:
									if( *(_t627 - 0x2d0) != 0) {
										L210:
										E004227D0( *((intOrPtr*)(_t627 + 8)), _t627 - 0x2d8,  *(_t627 - 0x2d0),  *((intOrPtr*)(_t627 + 8)), _t627 - 0x24c);
										_t630 = _t630 + 0x10;
										continue;
									}
									goto L209;
								}
								L211:
								L213:
								if( *(_t627 - 0x24c) >= 0) {
									if(( *(_t627 - 0x10) & 0x00000004) != 0) {
										E00422790(0x20,  *((intOrPtr*)(_t627 - 0x2c4)),  *((intOrPtr*)(_t627 + 8)), _t627 - 0x24c);
										_t630 = _t630 + 0x10;
									}
								}
							}
							L216:
							if( *(_t627 - 0x20) != 0) {
								L0040C240( *(_t627 - 0x20), 2);
								_t630 = _t630 + 8;
								 *(_t627 - 0x20) = 0;
							}
							while(1) {
								L218:
								 *(_t627 - 0x251) =  *( *(_t627 + 0xc));
								_t598 =  *(_t627 - 0x251);
								 *(_t627 + 0xc) =  *(_t627 + 0xc) + 1;
								if( *(_t627 - 0x251) == 0 ||  *(_t627 - 0x24c) < 0) {
									break;
								} else {
									if( *(_t627 - 0x251) < 0x20 ||  *(_t627 - 0x251) > 0x78) {
										 *(_t627 - 0x310) = 0;
									} else {
										 *(_t627 - 0x310) =  *( *(_t627 - 0x251) + L"pecifier\", 0)") & 0xf;
									}
								}
								L7:
								 *(_t627 - 0x250) =  *(_t627 - 0x310);
								_t509 =  *(_t627 - 0x250) * 9;
								_t567 =  *(_t627 - 0x25c);
								_t598 = ( *(_t509 + _t567 + 0x4083d0) & 0x000000ff) >> 4;
								 *(_t627 - 0x25c) = ( *(_t509 + _t567 + 0x4083d0) & 0x000000ff) >> 4;
								if( *(_t627 - 0x25c) != 8) {
									L16:
									 *(_t627 - 0x318) =  *(_t627 - 0x25c);
									if( *(_t627 - 0x318) > 7) {
										continue;
									}
									L17:
									switch( *((intOrPtr*)( *(_t627 - 0x318) * 4 +  &M004225E0))) {
										case 0:
											L18:
											 *(_t627 - 0xc) = 0;
											_t512 = E00419390( *(_t627 - 0x251) & 0x000000ff, E0040D3B0(_t627 - 0x40));
											_t633 = _t630 + 8;
											__eflags = _t512;
											if(_t512 == 0) {
												L24:
												E004226F0( *(_t627 - 0x251) & 0x000000ff,  *(_t627 - 0x251) & 0x000000ff,  *((intOrPtr*)(_t627 + 8)), _t627 - 0x24c);
												_t630 = _t633 + 0xc;
												goto L218;
											} else {
												E004226F0( *((intOrPtr*)(_t627 + 8)),  *(_t627 - 0x251) & 0x000000ff,  *((intOrPtr*)(_t627 + 8)), _t627 - 0x24c);
												_t633 = _t633 + 0xc;
												_t572 =  *( *(_t627 + 0xc));
												 *(_t627 - 0x251) =  *( *(_t627 + 0xc));
												_t598 =  *(_t627 + 0xc) + 1;
												__eflags = _t598;
												 *(_t627 + 0xc) = _t598;
												asm("sbb eax, eax");
												 *(_t627 - 0x27c) =  ~( ~( *(_t627 - 0x251)));
												if(_t598 == 0) {
													_push(L"(ch != _T(\'\\0\'))");
													_push(0);
													_push(0x486);
													_push(L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c");
													_push(2);
													_t524 = L0040E1A0();
													_t633 = _t633 + 0x14;
													__eflags = _t524 - 1;
													if(_t524 == 1) {
														asm("int3");
													}
												}
												L22:
												__eflags =  *(_t627 - 0x27c);
												if( *(_t627 - 0x27c) != 0) {
													goto L24;
												} else {
													 *((intOrPtr*)(L0040EC70(_t572))) = 0x16;
													E00411A50(_t558, _t572, _t625, _t626, L"(ch != _T(\'\\0\'))", L"_output_s_l", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c", 0x486, 0);
													 *(_t627 - 0x2f4) = 0xffffffff;
													E0040D380(_t627 - 0x40);
													_t502 =  *(_t627 - 0x2f4);
													goto L229;
												}
											}
										case 1:
											L25:
											 *(__ebp - 0x2c) = 0;
											__edx =  *(__ebp - 0x2c);
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											__eax =  *(__ebp - 0x28);
											 *(__ebp - 0x18) =  *(__ebp - 0x28);
											__ecx =  *(__ebp - 0x18);
											 *(__ebp - 0x1c) = __ecx;
											 *(__ebp - 0x10) = 0;
											 *(__ebp - 0x30) = 0xffffffff;
											 *(__ebp - 0xc) = 0;
											goto L218;
										case 2:
											L26:
											__edx =  *((char*)(__ebp - 0x251));
											 *(__ebp - 0x31c) =  *((char*)(__ebp - 0x251));
											 *(__ebp - 0x31c) =  *(__ebp - 0x31c) - 0x20;
											 *(__ebp - 0x31c) =  *(__ebp - 0x31c) - 0x20;
											__eflags =  *(__ebp - 0x31c) - 0x10;
											if( *(__ebp - 0x31c) > 0x10) {
												goto L33;
											}
											L27:
											__ecx =  *(__ebp - 0x31c);
											_t73 = __ecx + 0x422618; // 0x498d04
											__edx =  *_t73 & 0x000000ff;
											switch( *((intOrPtr*)(( *_t73 & 0x000000ff) * 4 +  &M00422600))) {
												case 0:
													goto L30;
												case 1:
													goto L31;
												case 2:
													goto L29;
												case 3:
													goto L28;
												case 4:
													goto L32;
												case 5:
													goto L33;
											}
										case 3:
											L34:
											__edx =  *((char*)(__ebp - 0x251));
											__eflags =  *((char*)(__ebp - 0x251)) - 0x2a;
											if( *((char*)(__ebp - 0x251)) != 0x2a) {
												__eax =  *(__ebp - 0x18);
												__eax =  *(__ebp - 0x18) * 0xa;
												__eflags = __eax;
												__ecx =  *((char*)(__ebp - 0x251));
												_t97 = __ecx - 0x30; // -48
												__edx = __eax + _t97;
												 *(__ebp - 0x18) = __eax + _t97;
											} else {
												__eax = __ebp + 0x14;
												 *(__ebp - 0x18) = E0041C290(__ebp + 0x14);
												__eflags =  *(__ebp - 0x18);
												if( *(__ebp - 0x18) < 0) {
													__ecx =  *(__ebp - 0x10);
													__ecx =  *(__ebp - 0x10) | 0x00000004;
													__eflags = __ecx;
													 *(__ebp - 0x10) = __ecx;
													 *(__ebp - 0x18) =  ~( *(__ebp - 0x18));
													 *(__ebp - 0x18) =  ~( *(__ebp - 0x18));
												}
											}
											goto L218;
										case 4:
											L40:
											 *(__ebp - 0x30) = 0;
											goto L218;
										case 5:
											L41:
											__eax =  *((char*)(__ebp - 0x251));
											__eflags =  *((char*)(__ebp - 0x251)) - 0x2a;
											if( *((char*)(__ebp - 0x251)) != 0x2a) {
												__edx =  *(__ebp - 0x30);
												__edx =  *(__ebp - 0x30) * 0xa;
												__eflags = __edx;
												_t108 =  *((char*)(__ebp - 0x251)) - 0x30; // -48
												__ecx = __edx + _t108;
												 *(__ebp - 0x30) = __ecx;
											} else {
												__ecx = __ebp + 0x14;
												 *(__ebp - 0x30) = E0041C290(__ebp + 0x14);
												__eflags =  *(__ebp - 0x30);
												if( *(__ebp - 0x30) < 0) {
													 *(__ebp - 0x30) = 0xffffffff;
												}
											}
											goto L218;
										case 6:
											L47:
											__edx =  *((char*)(__ebp - 0x251));
											 *(__ebp - 0x320) =  *((char*)(__ebp - 0x251));
											 *(__ebp - 0x320) =  *(__ebp - 0x320) - 0x49;
											 *(__ebp - 0x320) =  *(__ebp - 0x320) - 0x49;
											__eflags =  *(__ebp - 0x320) - 0x2e;
											if( *(__ebp - 0x320) > 0x2e) {
												L70:
												goto L218;
											}
											L48:
											__ecx =  *(__ebp - 0x320);
											_t116 = __ecx + 0x422640; // 0x1e4e9003
											__edx =  *_t116 & 0x000000ff;
											switch( *((intOrPtr*)(( *_t116 & 0x000000ff) * 4 +  &M0042262C))) {
												case 0:
													L53:
													__edx =  *(__ebp + 0xc);
													__eax =  *( *(__ebp + 0xc));
													__eflags =  *( *(__ebp + 0xc)) - 0x36;
													if( *( *(__ebp + 0xc)) != 0x36) {
														L56:
														__edx =  *(__ebp + 0xc);
														__eax =  *( *(__ebp + 0xc));
														__eflags =  *( *(__ebp + 0xc)) - 0x33;
														if( *( *(__ebp + 0xc)) != 0x33) {
															L59:
															__edx =  *(__ebp + 0xc);
															__eax =  *( *(__ebp + 0xc));
															__eflags =  *( *(__ebp + 0xc)) - 0x64;
															if( *( *(__ebp + 0xc)) == 0x64) {
																L65:
																L67:
																goto L70;
															}
															L60:
															__ecx =  *(__ebp + 0xc);
															__edx =  *__ecx;
															__eflags =  *__ecx - 0x69;
															if( *__ecx == 0x69) {
																goto L65;
															}
															L61:
															__eax =  *(__ebp + 0xc);
															__ecx =  *( *(__ebp + 0xc));
															__eflags = __ecx - 0x6f;
															if(__ecx == 0x6f) {
																goto L65;
															}
															L62:
															__edx =  *(__ebp + 0xc);
															__eax =  *( *(__ebp + 0xc));
															__eflags =  *( *(__ebp + 0xc)) - 0x75;
															if( *( *(__ebp + 0xc)) == 0x75) {
																goto L65;
															}
															L63:
															__ecx =  *(__ebp + 0xc);
															__edx =  *__ecx;
															__eflags =  *__ecx - 0x78;
															if( *__ecx == 0x78) {
																goto L65;
															}
															L64:
															__eax =  *(__ebp + 0xc);
															__ecx =  *( *(__ebp + 0xc));
															__eflags = __ecx - 0x58;
															if(__ecx != 0x58) {
																 *(__ebp - 0x25c) = 0;
																goto L18;
															}
															goto L65;
														}
														L57:
														__ecx =  *(__ebp + 0xc);
														__edx =  *((char*)(__ecx + 1));
														__eflags =  *((char*)(__ecx + 1)) - 0x32;
														if( *((char*)(__ecx + 1)) != 0x32) {
															goto L59;
														} else {
															 *(__ebp + 0xc) =  *(__ebp + 0xc) + 2;
															 *(__ebp + 0xc) =  *(__ebp + 0xc) + 2;
															__ecx =  *(__ebp - 0x10);
															__ecx =  *(__ebp - 0x10) & 0xffff7fff;
															 *(__ebp - 0x10) = __ecx;
															goto L67;
														}
													}
													L54:
													__ecx =  *(__ebp + 0xc);
													__edx =  *((char*)(__ecx + 1));
													__eflags =  *((char*)(__ecx + 1)) - 0x34;
													if( *((char*)(__ecx + 1)) != 0x34) {
														goto L56;
													} else {
														 *(__ebp + 0xc) =  *(__ebp + 0xc) + 2;
														 *(__ebp + 0xc) =  *(__ebp + 0xc) + 2;
														__ecx =  *(__ebp - 0x10);
														__ecx =  *(__ebp - 0x10) | 0x00008000;
														 *(__ebp - 0x10) = __ecx;
														goto L67;
													}
												case 1:
													L68:
													 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000020;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000020;
													goto L70;
												case 2:
													L49:
													__eax =  *(__ebp + 0xc);
													__ecx =  *( *(__ebp + 0xc));
													__eflags = __ecx - 0x6c;
													if(__ecx != 0x6c) {
														__ecx =  *(__ebp - 0x10);
														__ecx =  *(__ebp - 0x10) | 0x00000010;
														__eflags = __ecx;
														 *(__ebp - 0x10) = __ecx;
													} else {
														 *(__ebp + 0xc) =  *(__ebp + 0xc) + 1;
														 *(__ebp + 0xc) =  *(__ebp + 0xc) + 1;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00001000;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00001000;
													}
													goto L70;
												case 3:
													L69:
													__eax =  *(__ebp - 0x10);
													__eax =  *(__ebp - 0x10) | 0x00000800;
													__eflags = __eax;
													 *(__ebp - 0x10) = __eax;
													goto L70;
												case 4:
													goto L70;
											}
										case 7:
											L71:
											__ecx =  *((char*)(__ebp - 0x251));
											 *(__ebp - 0x324) = __ecx;
											 *(__ebp - 0x324) =  *(__ebp - 0x324) - 0x41;
											 *(__ebp - 0x324) =  *(__ebp - 0x324) - 0x41;
											__eflags =  *(__ebp - 0x324) - 0x37;
											if( *(__ebp - 0x324) > 0x37) {
												goto L190;
												do {
													do {
														while(1) {
															L190:
															if( *(_t627 - 0x28) != 0) {
																goto L216;
															}
															goto L191;
														}
														L186:
														__ebp - 0x49 = __ebp - 0x49 -  *(__ebp - 4);
														 *(__ebp - 0x24) = __ebp - 0x49 -  *(__ebp - 4);
														__ecx =  *(__ebp - 4);
														__ecx =  *(__ebp - 4) + 1;
														 *(__ebp - 4) = __ecx;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000200;
														__eflags =  *(__ebp - 0x10) & 0x00000200;
													} while (( *(__ebp - 0x10) & 0x00000200) == 0);
													__eflags =  *(__ebp - 0x24);
													if( *(__ebp - 0x24) == 0) {
														break;
													}
													L188:
													__eax =  *(__ebp - 4);
													__ecx =  *( *(__ebp - 4));
													__eflags = __ecx - 0x30;
												} while (__ecx == 0x30);
												L189:
												 *(__ebp - 4) =  *(__ebp - 4) - 1;
												 *(__ebp - 4) =  *(__ebp - 4) - 1;
												__eax =  *(__ebp - 4);
												 *( *(__ebp - 4)) = 0x30;
												__ecx =  *(__ebp - 0x24);
												__ecx =  *(__ebp - 0x24) + 1;
												__eflags = __ecx;
												 *(__ebp - 0x24) = __ecx;
												while(1) {
													L190:
													if( *(_t627 - 0x28) != 0) {
														goto L216;
													}
													goto L191;
												}
											}
											L72:
											_t157 =  *(__ebp - 0x324) + 0x4226ac; // 0xcccccc0d
											__ecx =  *_t157 & 0x000000ff;
											switch( *((intOrPtr*)(__ecx * 4 +  &M00422670))) {
												case 0:
													L122:
													 *(__ebp - 0x2c) = 1;
													__ecx =  *((char*)(__ebp - 0x251));
													__ecx =  *((char*)(__ebp - 0x251)) + 0x20;
													__eflags = __ecx;
													 *((char*)(__ebp - 0x251)) = __cl;
													goto L123;
												case 1:
													L73:
													 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000830;
													__eflags =  *(__ebp - 0x10) & 0x00000830;
													if(( *(__ebp - 0x10) & 0x00000830) == 0) {
														__eax =  *(__ebp - 0x10);
														__eax =  *(__ebp - 0x10) | 0x00000800;
														__eflags = __eax;
														 *(__ebp - 0x10) = __eax;
													}
													goto L75;
												case 2:
													L88:
													 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000830;
													__eflags =  *(__ebp - 0x10) & 0x00000830;
													if(( *(__ebp - 0x10) & 0x00000830) == 0) {
														__ecx =  *(__ebp - 0x10);
														__ecx =  *(__ebp - 0x10) | 0x00000800;
														__eflags = __ecx;
														 *(__ebp - 0x10) = __ecx;
													}
													goto L90;
												case 3:
													L146:
													 *(__ebp - 0x260) = 7;
													goto L148;
												case 4:
													L81:
													__eax = __ebp + 0x14;
													 *(__ebp - 0x288) = E0041C290(__ebp + 0x14);
													__eflags =  *(__ebp - 0x288);
													if( *(__ebp - 0x288) == 0) {
														L83:
														__edx =  *0x60b4f0; // 0x407424
														 *(__ebp - 4) = __edx;
														__eax =  *(__ebp - 4);
														 *(__ebp - 0x24) = E0040DC40( *(__ebp - 4));
														L87:
														goto L190;
													}
													L82:
													__ecx =  *(__ebp - 0x288);
													__eflags =  *(__ecx + 4);
													if( *(__ecx + 4) != 0) {
														L84:
														 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000800;
														__eflags =  *(__ebp - 0x10) & 0x00000800;
														if(( *(__ebp - 0x10) & 0x00000800) == 0) {
															 *(__ebp - 0xc) = 0;
															__edx =  *(__ebp - 0x288);
															__eax =  *(__edx + 4);
															 *(__ebp - 4) =  *(__edx + 4);
															__ecx =  *(__ebp - 0x288);
															__edx =  *__ecx;
															 *(__ebp - 0x24) =  *__ecx;
														} else {
															__edx =  *(__ebp - 0x288);
															__eax =  *(__edx + 4);
															 *(__ebp - 4) =  *(__edx + 4);
															__ecx =  *(__ebp - 0x288);
															__eax =  *__ecx;
															asm("cdq");
															 *__ecx - __edx =  *__ecx - __edx >> 1;
															 *(__ebp - 0x24) =  *__ecx - __edx >> 1;
															 *(__ebp - 0xc) = 1;
														}
														goto L87;
													}
													goto L83;
												case 5:
													L123:
													 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000040;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000040;
													__eax = __ebp - 0x248;
													 *(__ebp - 4) = __ebp - 0x248;
													 *(__ebp - 0x44) = 0x200;
													__eflags =  *(__ebp - 0x30);
													if( *(__ebp - 0x30) >= 0) {
														L125:
														__eflags =  *(__ebp - 0x30);
														if( *(__ebp - 0x30) != 0) {
															L128:
															__eflags =  *(__ebp - 0x30) - 0x200;
															if( *(__ebp - 0x30) > 0x200) {
																 *(__ebp - 0x30) = 0x200;
															}
															L130:
															__eflags =  *(__ebp - 0x30) - 0xa3;
															if( *(__ebp - 0x30) > 0xa3) {
																 *(__ebp - 0x30) =  *(__ebp - 0x30) + 0x15d;
																 *(__ebp - 0x20) = L0040B5C0(__ecx,  *(__ebp - 0x30) + 0x15d, 2, "f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c", 0x6da);
																__eflags =  *(__ebp - 0x20);
																if( *(__ebp - 0x20) == 0) {
																	 *(__ebp - 0x30) = 0xa3;
																} else {
																	__eax =  *(__ebp - 0x20);
																	 *(__ebp - 4) =  *(__ebp - 0x20);
																	 *(__ebp - 0x30) =  *(__ebp - 0x30) + 0x15d;
																	 *(__ebp - 0x44) =  *(__ebp - 0x30) + 0x15d;
																}
															}
															 *(__ebp + 0x14) =  *(__ebp + 0x14) + 8;
															 *(__ebp + 0x14) =  *(__ebp + 0x14) + 8;
															__eax =  *(__ebp + 0x14);
															__ecx =  *(__eax - 8);
															__edx =  *(__eax - 4);
															 *(__ebp - 0x2a8) =  *(__eax - 8);
															 *(__ebp - 0x2a4) =  *(__eax - 4);
															__ecx = __ebp - 0x40;
															_push(E0040D3B0(__ebp - 0x40));
															__eax =  *(__ebp - 0x2c);
															_push( *(__ebp - 0x2c));
															__ecx =  *(__ebp - 0x30);
															_push( *(__ebp - 0x30));
															__edx =  *((char*)(__ebp - 0x251));
															_push( *((char*)(__ebp - 0x251)));
															__eax =  *(__ebp - 0x44);
															_push( *(__ebp - 0x44));
															__ecx =  *(__ebp - 4);
															_push( *(__ebp - 4));
															__edx = __ebp - 0x2a8;
															_push(__ebp - 0x2a8);
															__eax =  *0x60b3cc; // 0x7e8c4bdb
															__eax =  *__eax();
															__esp = __esp + 0x1c;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000080;
															__eflags =  *(__ebp - 0x10) & 0x00000080;
															if(( *(__ebp - 0x10) & 0x00000080) != 0) {
																__eflags =  *(__ebp - 0x30);
																if( *(__ebp - 0x30) == 0) {
																	__ecx = __ebp - 0x40;
																	_push(E0040D3B0(__ebp - 0x40));
																	__edx =  *(__ebp - 4);
																	_push( *(__ebp - 4));
																	__eax =  *0x60b3d8; // 0x7e8c4bdb
																	__eax =  *__eax();
																	__esp = __esp + 8;
																}
															}
															__ecx =  *((char*)(__ebp - 0x251));
															__eflags =  *((char*)(__ebp - 0x251)) - 0x67;
															if( *((char*)(__ebp - 0x251)) == 0x67) {
																 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000080;
																__eflags =  *(__ebp - 0x10) & 0x00000080;
																if(( *(__ebp - 0x10) & 0x00000080) == 0) {
																	__ecx = __ebp - 0x40;
																	_push(E0040D3B0(__ebp - 0x40));
																	__eax =  *(__ebp - 4);
																	_push( *(__ebp - 4));
																	__ecx =  *0x60b3d4; // 0x7e8c4bdb
																	E00410200(__ecx) =  *__eax();
																	__esp = __esp + 8;
																}
															}
															__edx =  *(__ebp - 4);
															__eax =  *( *(__ebp - 4));
															__eflags =  *( *(__ebp - 4)) - 0x2d;
															if( *( *(__ebp - 4)) == 0x2d) {
																 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000100;
																 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000100;
																__edx =  *(__ebp - 4);
																__edx =  *(__ebp - 4) + 1;
																__eflags = __edx;
																 *(__ebp - 4) = __edx;
															}
															__eax =  *(__ebp - 4);
															 *(__ebp - 0x24) = E0040DC40( *(__ebp - 4));
															do {
																L190:
																if( *(_t627 - 0x28) != 0) {
																	goto L216;
																}
																goto L191;
															} while ( *(__ebp - 0x324) > 0x37);
															goto L72;
														}
														L126:
														__ecx =  *((char*)(__ebp - 0x251));
														__eflags = __ecx - 0x67;
														if(__ecx != 0x67) {
															goto L128;
														}
														L127:
														 *(__ebp - 0x30) = 1;
														goto L130;
													}
													L124:
													 *(__ebp - 0x30) = 6;
													goto L130;
												case 6:
													L75:
													 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000810;
													__eflags =  *(__ebp - 0x10) & 0x00000810;
													if(( *(__ebp - 0x10) & 0x00000810) == 0) {
														__ebp + 0x14 = E0041C290(__ebp + 0x14);
														 *(__ebp - 0x284) = __ax;
														__cl =  *(__ebp - 0x284);
														 *(__ebp - 0x248) = __cl;
														 *(__ebp - 0x24) = 1;
													} else {
														 *(__ebp - 0x280) = 0;
														__edx = __ebp + 0x14;
														__eax = E0041C2D0(__ebp + 0x14);
														 *(__ebp - 0x258) = __ax;
														__eax =  *(__ebp - 0x258) & 0x0000ffff;
														__ecx = __ebp - 0x248;
														__edx = __ebp - 0x24;
														 *(__ebp - 0x280) = E004212A0(__ebp - 0x24, __ebp - 0x248, 0x200,  *(__ebp - 0x258) & 0x0000ffff);
														__eflags =  *(__ebp - 0x280);
														if( *(__ebp - 0x280) != 0) {
															 *(__ebp - 0x28) = 1;
														}
													}
													__edx = __ebp - 0x248;
													 *(__ebp - 4) = __ebp - 0x248;
													while(1) {
														L190:
														if( *(_t627 - 0x28) != 0) {
															goto L216;
														}
														goto L191;
													}
												case 7:
													L143:
													 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000040;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000040;
													 *(__ebp - 8) = 0xa;
													goto L153;
												case 8:
													goto L0;
												case 9:
													L151:
													 *(__ebp - 8) = 8;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000080;
													__eflags =  *(__ebp - 0x10) & 0x00000080;
													if(( *(__ebp - 0x10) & 0x00000080) != 0) {
														__edx =  *(__ebp - 0x10);
														__edx =  *(__ebp - 0x10) | 0x00000200;
														__eflags = __edx;
														 *(__ebp - 0x10) = __edx;
													}
													goto L153;
												case 0xa:
													L145:
													 *(__ebp - 0x30) = 8;
													goto L146;
												case 0xb:
													L90:
													__eflags =  *(__ebp - 0x30) - 0xffffffff;
													if( *(__ebp - 0x30) != 0xffffffff) {
														__edx =  *(__ebp - 0x30);
														 *(__ebp - 0x328) =  *(__ebp - 0x30);
													} else {
														 *(__ebp - 0x328) = 0x7fffffff;
													}
													__eax =  *(__ebp - 0x328);
													 *(__ebp - 0x290) =  *(__ebp - 0x328);
													__ecx = __ebp + 0x14;
													 *(__ebp - 4) = E0041C290(__ebp + 0x14);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000810;
													__eflags =  *(__ebp - 0x10) & 0x00000810;
													if(( *(__ebp - 0x10) & 0x00000810) == 0) {
														L101:
														__eflags =  *(__ebp - 4);
														if( *(__ebp - 4) == 0) {
															__edx =  *0x60b4f0; // 0x407424
															 *(__ebp - 4) = __edx;
														}
														__eax =  *(__ebp - 4);
														 *(__ebp - 0x28c) =  *(__ebp - 4);
														while(1) {
															L104:
															__ecx =  *(__ebp - 0x290);
															 *(__ebp - 0x290) =  *(__ebp - 0x290) - 1;
															 *(__ebp - 0x290) =  *(__ebp - 0x290) - 1;
															__eflags = __ecx;
															if(__ecx == 0) {
																break;
															}
															L105:
															__eax =  *(__ebp - 0x28c);
															__ecx =  *( *(__ebp - 0x28c));
															__eflags = __ecx;
															if(__ecx == 0) {
																break;
															}
															L106:
															 *(__ebp - 0x28c) =  *(__ebp - 0x28c) + 1;
															 *(__ebp - 0x28c) =  *(__ebp - 0x28c) + 1;
														}
														L107:
														__eax =  *(__ebp - 0x28c);
														__eax =  *(__ebp - 0x28c) -  *(__ebp - 4);
														__eflags = __eax;
														 *(__ebp - 0x24) = __eax;
														goto L108;
													} else {
														L94:
														__eflags =  *(__ebp - 4);
														if( *(__ebp - 4) == 0) {
															__eax =  *0x60b4f4; // 0x407414
															 *(__ebp - 4) = __eax;
														}
														 *(__ebp - 0xc) = 1;
														__ecx =  *(__ebp - 4);
														 *(__ebp - 0x294) =  *(__ebp - 4);
														while(1) {
															L97:
															__edx =  *(__ebp - 0x290);
															 *(__ebp - 0x290) =  *(__ebp - 0x290) - 1;
															 *(__ebp - 0x290) =  *(__ebp - 0x290) - 1;
															__eflags =  *(__ebp - 0x290);
															if( *(__ebp - 0x290) == 0) {
																break;
															}
															L98:
															__ecx =  *(__ebp - 0x294);
															__edx =  *( *(__ebp - 0x294)) & 0x0000ffff;
															__eflags =  *( *(__ebp - 0x294)) & 0x0000ffff;
															if(( *( *(__ebp - 0x294)) & 0x0000ffff) == 0) {
																break;
															}
															L99:
															 *(__ebp - 0x294) =  *(__ebp - 0x294) + 2;
															 *(__ebp - 0x294) =  *(__ebp - 0x294) + 2;
														}
														L100:
														 *(__ebp - 0x294) =  *(__ebp - 0x294) -  *(__ebp - 4);
														__ecx =  *(__ebp - 0x294) -  *(__ebp - 4) >> 1;
														 *(__ebp - 0x24) = __ecx;
														L108:
														while(1) {
															L190:
															if( *(_t627 - 0x28) != 0) {
																goto L216;
															}
															goto L191;
														}
													}
												case 0xc:
													L144:
													 *(__ebp - 8) = 0xa;
													goto L153;
												case 0xd:
													L147:
													 *(__ebp - 0x260) = 0x27;
													L148:
													 *(__ebp - 8) = 0x10;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000080;
													__eflags =  *(__ebp - 0x10) & 0x00000080;
													if(( *(__ebp - 0x10) & 0x00000080) != 0) {
														 *((char*)(__ebp - 0x14)) = 0x30;
														 *(__ebp - 0x260) =  *(__ebp - 0x260) + 0x51;
														__eflags =  *(__ebp - 0x260) + 0x51;
														 *((char*)(__ebp - 0x13)) = __al;
														 *(__ebp - 0x1c) = 2;
													}
													L153:
													 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00008000;
													__eflags =  *(__ebp - 0x10) & 0x00008000;
													if(( *(__ebp - 0x10) & 0x00008000) == 0) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00001000;
														__eflags =  *(__ebp - 0x10) & 0x00001000;
														if(( *(__ebp - 0x10) & 0x00001000) == 0) {
															 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000020;
															__eflags =  *(__ebp - 0x10) & 0x00000020;
															if(( *(__ebp - 0x10) & 0x00000020) == 0) {
																 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000040;
																__eflags =  *(__ebp - 0x10) & 0x00000040;
																if(( *(__ebp - 0x10) & 0x00000040) == 0) {
																	__ecx = __ebp + 0x14;
																	__eax = E0041C290(__ebp + 0x14);
																	__edx = 0;
																	__eflags = 0;
																	 *(__ebp - 0x2b8) = __eax;
																	 *(__ebp - 0x2b4) = 0;
																} else {
																	__eax = __ebp + 0x14;
																	__eax = E0041C290(__ebp + 0x14);
																	asm("cdq");
																	 *(__ebp - 0x2b8) = __eax;
																	 *(__ebp - 0x2b4) = __edx;
																}
															} else {
																 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000040;
																__eflags =  *(__ebp - 0x10) & 0x00000040;
																if(( *(__ebp - 0x10) & 0x00000040) == 0) {
																	__ecx = __ebp + 0x14;
																	E0041C290(__ebp + 0x14) = __ax & 0x0000ffff;
																	asm("cdq");
																	 *(__ebp - 0x2b8) = __ax & 0x0000ffff;
																	 *(__ebp - 0x2b4) = __edx;
																} else {
																	__eax = __ebp + 0x14;
																	__eax = E0041C290(__ebp + 0x14);
																	__ax = __eax;
																	asm("cdq");
																	 *(__ebp - 0x2b8) = __eax;
																	 *(__ebp - 0x2b4) = __edx;
																}
															}
														} else {
															__eax = __ebp + 0x14;
															 *(__ebp - 0x2b8) = E0041C2B0(__ebp + 0x14);
															 *(__ebp - 0x2b4) = __edx;
														}
													} else {
														__ecx = __ebp + 0x14;
														 *(__ebp - 0x2b8) = E0041C2B0(__ebp + 0x14);
														 *(__ebp - 0x2b4) = __edx;
													}
													 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000040;
													__eflags =  *(__ebp - 0x10) & 0x00000040;
													if(( *(__ebp - 0x10) & 0x00000040) == 0) {
														L170:
														__ecx =  *(__ebp - 0x2b8);
														 *(__ebp - 0x2c0) =  *(__ebp - 0x2b8);
														__edx =  *(__ebp - 0x2b4);
														 *(__ebp - 0x2bc) =  *(__ebp - 0x2b4);
														goto L171;
													} else {
														L166:
														__eflags =  *(__ebp - 0x2b4);
														if(__eflags > 0) {
															goto L170;
														}
														L167:
														if(__eflags < 0) {
															L169:
															 *(__ebp - 0x2b8) =  ~( *(__ebp - 0x2b8));
															__edx =  *(__ebp - 0x2b4);
															asm("adc edx, 0x0");
															__edx =  ~( *(__ebp - 0x2b4));
															 *(__ebp - 0x2c0) =  ~( *(__ebp - 0x2b8));
															 *(__ebp - 0x2bc) =  ~( *(__ebp - 0x2b4));
															 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000100;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000100;
															L171:
															 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00008000;
															__eflags =  *(__ebp - 0x10) & 0x00008000;
															if(( *(__ebp - 0x10) & 0x00008000) == 0) {
																 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00001000;
																__eflags =  *(__ebp - 0x10) & 0x00001000;
																if(( *(__ebp - 0x10) & 0x00001000) == 0) {
																	__edx =  *(__ebp - 0x2c0);
																	__eax =  *(__ebp - 0x2bc);
																	__eax =  *(__ebp - 0x2bc) & 0x00000000;
																	__eflags = __eax;
																	 *(__ebp - 0x2bc) = __eax;
																}
															}
															__eflags =  *(__ebp - 0x30);
															if( *(__ebp - 0x30) >= 0) {
																 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0xfffffff7;
																 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0xfffffff7;
																__eflags =  *(__ebp - 0x30) - 0x200;
																if( *(__ebp - 0x30) > 0x200) {
																	 *(__ebp - 0x30) = 0x200;
																}
															} else {
																 *(__ebp - 0x30) = 1;
															}
															 *(__ebp - 0x2c0) =  *(__ebp - 0x2c0) |  *(__ebp - 0x2bc);
															__eflags =  *(__ebp - 0x2c0) |  *(__ebp - 0x2bc);
															if(( *(__ebp - 0x2c0) |  *(__ebp - 0x2bc)) == 0) {
																 *(__ebp - 0x1c) = 0;
															}
															__eax = __ebp - 0x49;
															 *(__ebp - 4) = __ebp - 0x49;
															while(1) {
																L181:
																__ecx =  *(__ebp - 0x30);
																 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
																 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
																__eflags =  *(__ebp - 0x30);
																if( *(__ebp - 0x30) > 0) {
																	goto L183;
																}
																L182:
																 *(__ebp - 0x2c0) =  *(__ebp - 0x2c0) |  *(__ebp - 0x2bc);
																__eflags =  *(__ebp - 0x2c0) |  *(__ebp - 0x2bc);
																if(( *(__ebp - 0x2c0) |  *(__ebp - 0x2bc)) == 0) {
																	goto L186;
																}
																L183:
																__eax =  *(__ebp - 8);
																asm("cdq");
																__ecx =  *(__ebp - 0x2bc);
																__edx =  *(__ebp - 0x2c0);
																__eax = E0041CE40( *(__ebp - 0x2c0),  *(__ebp - 0x2bc),  *(__ebp - 8),  *(__ebp - 0x2c0));
																 *(__ebp - 0x2ac) = __eax;
																__eax =  *(__ebp - 8);
																asm("cdq");
																__eax =  *(__ebp - 0x2bc);
																__ecx =  *(__ebp - 0x2c0);
																 *(__ebp - 0x2c0) = E0041CDD0( *(__ebp - 0x2c0),  *(__ebp - 0x2bc),  *(__ebp - 8), __edx);
																 *(__ebp - 0x2bc) = __edx;
																__eflags =  *(__ebp - 0x2ac) - 0x39;
																if( *(__ebp - 0x2ac) > 0x39) {
																	__edx =  *(__ebp - 0x2ac);
																	__edx =  *(__ebp - 0x2ac) +  *(__ebp - 0x260);
																	__eflags = __edx;
																	 *(__ebp - 0x2ac) = __edx;
																}
																__eax =  *(__ebp - 4);
																__cl =  *(__ebp - 0x2ac);
																 *( *(__ebp - 4)) = __cl;
																 *(__ebp - 4) =  *(__ebp - 4) - 1;
																 *(__ebp - 4) =  *(__ebp - 4) - 1;
																L181:
																__ecx =  *(__ebp - 0x30);
																 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
																 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
																__eflags =  *(__ebp - 0x30);
																if( *(__ebp - 0x30) > 0) {
																	goto L183;
																}
																goto L182;
															}
														}
														L168:
														__eflags =  *(__ebp - 0x2b8);
														if( *(__ebp - 0x2b8) >= 0) {
															goto L170;
														}
														goto L169;
													}
												case 0xe:
													while(1) {
														L190:
														if( *(_t627 - 0x28) != 0) {
															goto L216;
														}
														goto L191;
													}
											}
										case 8:
											L30:
											 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000002;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000002;
											goto L33;
										case 9:
											L31:
											 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000080;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000080;
											goto L33;
										case 0xa:
											L29:
											__ecx =  *(__ebp - 0x10);
											__ecx =  *(__ebp - 0x10) | 0x00000001;
											 *(__ebp - 0x10) = __ecx;
											goto L33;
										case 0xb:
											L28:
											 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000004;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000004;
											goto L33;
										case 0xc:
											L32:
											__ecx =  *(__ebp - 0x10);
											__ecx =  *(__ebp - 0x10) | 0x00000008;
											__eflags = __ecx;
											 *(__ebp - 0x10) = __ecx;
											goto L33;
										case 0xd:
											L33:
											goto L218;
									}
								} else {
									if(0 == 0) {
										 *(_t627 - 0x314) = 0;
									} else {
										 *(_t627 - 0x314) = 1;
									}
									_t574 =  *(_t627 - 0x314);
									 *(_t627 - 0x278) =  *(_t627 - 0x314);
									if( *(_t627 - 0x278) == 0) {
										_push(L"(\"Incorrect format specifier\", 0)");
										_push(0);
										_push(0x460);
										_push(L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c");
										_push(2);
										_t529 = L0040E1A0();
										_t630 = _t630 + 0x14;
										if(_t529 == 1) {
											asm("int3");
										}
									}
									L14:
									if( *(_t627 - 0x278) != 0) {
										goto L16;
									} else {
										 *((intOrPtr*)(L0040EC70(_t574))) = 0x16;
										E00411A50(_t558, _t574, _t625, _t626, L"(\"Incorrect format specifier\", 0)", L"_output_s_l", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c", 0x460, 0);
										 *(_t627 - 0x2f0) = 0xffffffff;
										E0040D380(_t627 - 0x40);
										_t502 =  *(_t627 - 0x2f0);
										goto L229;
									}
								}
							}
							L219:
							if( *(_t627 - 0x25c) == 0) {
								L222:
								 *(_t627 - 0x334) = 1;
								L223:
								_t561 =  *(_t627 - 0x334);
								 *(_t627 - 0x2e0) =  *(_t627 - 0x334);
								if( *(_t627 - 0x2e0) == 0) {
									_push(L"((state == ST_NORMAL) || (state == ST_TYPE))");
									_push(0);
									_push(0x8f5);
									_push(L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c");
									_push(2);
									_t507 = L0040E1A0();
									_t630 = _t630 + 0x14;
									if(_t507 == 1) {
										asm("int3");
									}
								}
								if( *(_t627 - 0x2e0) != 0) {
									 *(_t627 - 0x300) =  *(_t627 - 0x24c);
									E0040D380(_t627 - 0x40);
									_t502 =  *(_t627 - 0x300);
								} else {
									 *((intOrPtr*)(L0040EC70(_t561))) = 0x16;
									E00411A50(_t558, _t561, _t625, _t626, L"((state == ST_NORMAL) || (state == ST_TYPE))", L"_output_s_l", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c", 0x8f5, 0);
									 *(_t627 - 0x2fc) = 0xffffffff;
									E0040D380(_t627 - 0x40);
									_t502 =  *(_t627 - 0x2fc);
								}
								goto L229;
							}
							L220:
							if( *(_t627 - 0x25c) == 7) {
								goto L222;
							}
							L221:
							 *(_t627 - 0x334) = 0;
							goto L223;
						}
					} else {
						L116:
						 *((intOrPtr*)(L0040EC70(__ecx))) = 0x16;
						__eax = E00411A50(__ebx, __ecx, __edi, __esi, L"(\"\'n\' format specifier disabled\", 0)", L"_output_s_l", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c", 0x695, 0);
						 *(__ebp - 0x2f8) = 0xffffffff;
						__ecx = __ebp - 0x40;
						__eax = E0040D380(__ecx);
						__eax =  *(__ebp - 0x2f8);
						L229:
						return E00416CA0(_t502, _t558,  *(_t627 - 0x48) ^ _t627, _t598, _t625, _t626);
					}
					L118:
					if(( *(_t627 - 0x10) & 0x00000020) == 0) {
						 *( *(_t627 - 0x298)) =  *(_t627 - 0x24c);
					} else {
						 *( *(_t627 - 0x298)) =  *(_t627 - 0x24c);
					}
					 *(_t627 - 0x28) = 1;
					goto L190;
				}
			}

0x00421d57
0x00421d57
0x00421d57
0x00421d57
0x00421d57
0x00421d57
0x00421d5b
0x00421d60
0x00421d63
0x00421d70
0x00000000
0x00000000
0x00421d76
0x00421d76
0x00421d78
0x00421d86
0x00421d7a
0x00421d7a
0x00421d7a
0x00421d90
0x00421d96
0x00421da3
0x00421da5
0x00421daa
0x00421dac
0x00421db1
0x00421db6
0x00421db8
0x00421dbd
0x00421dc3
0x00421dc5
0x00421dc5
0x00421dc3
0x00421dcd
0x00421e15
0x00422302
0x00422302
0x00422306
0x00000000
0x00000000
0x0042230c
0x00422312
0x0042231c
0x00422331
0x00422346
0x00422348
0x0042234c
0x0042234c
0x00422333
0x00422333
0x00422337
0x00422337
0x0042231e
0x0042231e
0x00422322
0x00422322
0x0042231c
0x0042235c
0x00422368
0x0042237e
0x00422383
0x00422383
0x00422399
0x0042239e
0x004223a7
0x004223af
0x004223c5
0x004223ca
0x004223ca
0x004223af
0x004223d1
0x004224a5
0x004224b8
0x004224bd
0x00000000
0x004223d7
0x004223d7
0x004223db
0x00000000
0x00000000
0x004223e1
0x004223e1
0x004223ee
0x004223f7
0x004223fd
0x004223fd
0x0042240c
0x00422414
0x00000000
0x00000000
0x0042241a
0x00422423
0x00422442
0x00422447
0x0042244a
0x00422459
0x00422466
0x00422471
0x00422471
0x00000000
0x00422471
0x00422468
0x0042246f
0x0042247d
0x00422496
0x0042249b
0x00000000
0x0042249b
0x00000000
0x0042246f
0x004224a3
0x004224c0
0x004224c7
0x004224cf
0x004224e5
0x004224ea
0x004224ea
0x004224cf
0x004224c7
0x004224ed
0x004224f1
0x004224f9
0x004224fe
0x00422501
0x00422501
0x00422508
0x00422508
0x004215df
0x004215e5
0x004215f2
0x004215f7
0x00000000
0x0042160a
0x00421614
0x0042163b
0x00421622
0x00421633
0x00421633
0x00421614
0x00421645
0x0042164b
0x00421657
0x0042165a
0x00421668
0x0042166b
0x00421678
0x0042171d
0x00421723
0x00421730
0x00000000
0x00000000
0x00421736
0x0042173c
0x00000000
0x00421743
0x00421743
0x0042175b
0x00421760
0x00421763
0x00421765
0x0042181f
0x00421832
0x00421837
0x00000000
0x0042176b
0x0042177e
0x00421783
0x00421789
0x0042178b
0x00421794
0x00421794
0x00421797
0x004217a3
0x004217a7
0x004217ad
0x004217af
0x004217b4
0x004217b6
0x004217bb
0x004217c0
0x004217c2
0x004217c7
0x004217ca
0x004217cd
0x004217cf
0x004217cf
0x004217cd
0x004217d0
0x004217d0
0x004217d7
0x00000000
0x004217d9
0x004217de
0x004217fa
0x00421802
0x0042180f
0x00421814
0x00000000
0x00421814
0x004217d7
0x00000000
0x0042183f
0x0042183f
0x00421846
0x00421849
0x0042184c
0x0042184f
0x00421852
0x00421855
0x00421858
0x0042185f
0x00421866
0x00000000
0x00000000
0x00421872
0x00421872
0x00421879
0x00421885
0x00421888
0x0042188e
0x00421895
0x00000000
0x00000000
0x00421897
0x00421897
0x0042189d
0x0042189d
0x004218a4
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004218e7
0x004218e7
0x004218ee
0x004218f1
0x0042191b
0x0042191e
0x0042191e
0x00421921
0x00421928
0x00421928
0x0042192c
0x004218f3
0x004218f3
0x004218ff
0x00421902
0x00421906
0x00421908
0x0042190b
0x0042190b
0x0042190e
0x00421914
0x00421916
0x00421916
0x00421919
0x00000000
0x00000000
0x00421934
0x00421934
0x00000000
0x00000000
0x00421940
0x00421940
0x00421947
0x0042194a
0x0042196a
0x0042196d
0x0042196d
0x00421977
0x00421977
0x0042197b
0x0042194c
0x0042194c
0x00421958
0x0042195b
0x0042195f
0x00421961
0x00421961
0x00421968
0x00000000
0x00000000
0x00421983
0x00421983
0x0042198a
0x00421996
0x00421999
0x0042199f
0x004219a6
0x00421ab9
0x00000000
0x00421ab9
0x004219ac
0x004219ac
0x004219b2
0x004219b2
0x004219b9
0x00000000
0x004219ef
0x004219ef
0x004219f2
0x004219f5
0x004219f8
0x00421a20
0x00421a20
0x00421a23
0x00421a26
0x00421a29
0x00421a4e
0x00421a4e
0x00421a51
0x00421a54
0x00421a57
0x00421a90
0x00421aa1
0x00000000
0x00421aa1
0x00421a59
0x00421a59
0x00421a5c
0x00421a5f
0x00421a62
0x00000000
0x00000000
0x00421a64
0x00421a64
0x00421a67
0x00421a6a
0x00421a6d
0x00000000
0x00000000
0x00421a6f
0x00421a6f
0x00421a72
0x00421a75
0x00421a78
0x00000000
0x00000000
0x00421a7a
0x00421a7a
0x00421a7d
0x00421a80
0x00421a83
0x00000000
0x00000000
0x00421a85
0x00421a85
0x00421a88
0x00421a8b
0x00421a8e
0x00421a92
0x00000000
0x00421a92
0x00000000
0x00421a8e
0x00421a2b
0x00421a2b
0x00421a2e
0x00421a32
0x00421a35
0x00000000
0x00421a37
0x00421a3a
0x00421a3d
0x00421a40
0x00421a43
0x00421a49
0x00000000
0x00421a49
0x00421a35
0x004219fa
0x004219fa
0x004219fd
0x00421a01
0x00421a04
0x00000000
0x00421a06
0x00421a09
0x00421a0c
0x00421a0f
0x00421a12
0x00421a18
0x00000000
0x00421a18
0x00000000
0x00421aa3
0x00421aa6
0x00421aa9
0x00000000
0x00000000
0x004219c0
0x004219c0
0x004219c3
0x004219c6
0x004219c9
0x004219e1
0x004219e4
0x004219e4
0x004219e7
0x004219cb
0x004219ce
0x004219d1
0x004219d7
0x004219dc
0x004219dc
0x00000000
0x00000000
0x00421aae
0x00421aae
0x00421ab1
0x00421ab1
0x00421ab6
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00421abe
0x00421abe
0x00421ac5
0x00421ad1
0x00421ad4
0x00421ada
0x00421ae1
0x00000000
0x00422302
0x00422302
0x00422302
0x00422302
0x00422306
0x00000000
0x00000000
0x00000000
0x00422306
0x004222bc
0x004222bf
0x004222c2
0x004222c5
0x004222c8
0x004222cb
0x004222d1
0x004222d1
0x004222d1
0x004222d9
0x004222dd
0x00000000
0x00000000
0x004222df
0x004222df
0x004222e2
0x004222e5
0x004222e5
0x004222ea
0x004222ed
0x004222f0
0x004222f3
0x004222f6
0x004222f9
0x004222fc
0x004222fc
0x004222ff
0x00422302
0x00422302
0x00422306
0x00000000
0x00000000
0x00000000
0x00422306
0x00422302
0x00421ae7
0x00421aed
0x00421aed
0x00421af4
0x00000000
0x00421e4e
0x00421e4e
0x00421e55
0x00421e5c
0x00421e5c
0x00421e5f
0x00000000
0x00000000
0x00421afb
0x00421afe
0x00421afe
0x00421b04
0x00421b06
0x00421b09
0x00421b09
0x00421b0e
0x00421b0e
0x00000000
0x00000000
0x00421c3b
0x00421c3e
0x00421c3e
0x00421c43
0x00421c45
0x00421c48
0x00421c48
0x00421c4e
0x00421c4e
0x00000000
0x00000000
0x0042201b
0x0042201b
0x00000000
0x00000000
0x00421ba5
0x00421ba5
0x00421bb1
0x00421bb7
0x00421bbe
0x00421bcc
0x00421bcc
0x00421bd2
0x00421bd5
0x00421be1
0x00421c36
0x00000000
0x00421c36
0x00421bc0
0x00421bc0
0x00421bc6
0x00421bca
0x00421be6
0x00421be9
0x00421be9
0x00421bef
0x00421c17
0x00421c1e
0x00421c24
0x00421c27
0x00421c2a
0x00421c30
0x00421c33
0x00421bf1
0x00421bf1
0x00421bf7
0x00421bfa
0x00421bfd
0x00421c03
0x00421c06
0x00421c09
0x00421c0b
0x00421c0e
0x00421c0e
0x00000000
0x00421bef
0x00000000
0x00000000
0x00421e65
0x00421e68
0x00421e6b
0x00421e6e
0x00421e74
0x00421e77
0x00421e7e
0x00421e82
0x00421e8d
0x00421e8d
0x00421e91
0x00421ea8
0x00421ea8
0x00421eaf
0x00421eb1
0x00421eb1
0x00421eb8
0x00421eb8
0x00421ebf
0x00421ed0
0x00421edf
0x00421ee2
0x00421ee6
0x00421efc
0x00421ee8
0x00421ee8
0x00421eeb
0x00421ef1
0x00421ef7
0x00421ef7
0x00421ee6
0x00421f06
0x00421f09
0x00421f0c
0x00421f0f
0x00421f12
0x00421f15
0x00421f1b
0x00421f21
0x00421f29
0x00421f2a
0x00421f2d
0x00421f2e
0x00421f31
0x00421f32
0x00421f39
0x00421f3a
0x00421f3d
0x00421f3e
0x00421f41
0x00421f42
0x00421f48
0x00421f49
0x00421f57
0x00421f59
0x00421f5f
0x00421f5f
0x00421f65
0x00421f67
0x00421f6b
0x00421f6d
0x00421f75
0x00421f76
0x00421f79
0x00421f7a
0x00421f88
0x00421f8a
0x00421f8a
0x00421f6b
0x00421f8d
0x00421f94
0x00421f97
0x00421f9c
0x00421f9c
0x00421fa2
0x00421fa4
0x00421fac
0x00421fad
0x00421fb0
0x00421fb1
0x00421fc0
0x00421fc2
0x00421fc2
0x00421fa2
0x00421fc5
0x00421fc8
0x00421fcb
0x00421fce
0x00421fd3
0x00421fd9
0x00421fdc
0x00421fdf
0x00421fdf
0x00421fe2
0x00421fe2
0x00421fe5
0x00421ff1
0x00422302
0x00422302
0x00422306
0x00000000
0x00000000
0x00000000
0x00422306
0x00000000
0x00422302
0x00421e93
0x00421e93
0x00421e9a
0x00421e9d
0x00000000
0x00000000
0x00421e9f
0x00421e9f
0x00000000
0x00421e9f
0x00421e84
0x00421e84
0x00000000
0x00000000
0x00421b11
0x00421b14
0x00421b14
0x00421b1a
0x00421b75
0x00421b7d
0x00421b84
0x00421b8a
0x00421b90
0x00421b1c
0x00421b1c
0x00421b26
0x00421b2a
0x00421b32
0x00421b39
0x00421b46
0x00421b4d
0x00421b59
0x00421b5f
0x00421b66
0x00421b68
0x00421b68
0x00421b6f
0x00421b97
0x00421b9d
0x00422302
0x00422302
0x00422306
0x00000000
0x00000000
0x00000000
0x00422306
0x00000000
0x00421ff9
0x00421ffc
0x00421fff
0x00422002
0x00000000
0x00000000
0x00000000
0x00000000
0x0042205c
0x0042205c
0x00422066
0x00422066
0x0042206c
0x0042206e
0x00422071
0x00422071
0x00422077
0x00422077
0x00000000
0x00000000
0x00422014
0x00422014
0x00000000
0x00000000
0x00421c51
0x00421c51
0x00421c55
0x00421c63
0x00421c66
0x00421c57
0x00421c57
0x00421c57
0x00421c6c
0x00421c72
0x00421c78
0x00421c84
0x00421c8a
0x00421c8a
0x00421c90
0x00421cf7
0x00421cf7
0x00421cfb
0x00421cfd
0x00421d03
0x00421d03
0x00421d06
0x00421d09
0x00421d0f
0x00421d0f
0x00421d0f
0x00421d1b
0x00421d1e
0x00421d24
0x00421d26
0x00000000
0x00000000
0x00421d28
0x00421d28
0x00421d2e
0x00421d31
0x00421d33
0x00000000
0x00000000
0x00421d35
0x00421d3b
0x00421d3e
0x00421d3e
0x00421d46
0x00421d46
0x00421d4c
0x00421d4c
0x00421d4f
0x00000000
0x00421c92
0x00421c92
0x00421c92
0x00421c96
0x00421c98
0x00421c9d
0x00421c9d
0x00421ca0
0x00421ca7
0x00421caa
0x00421cb0
0x00421cb0
0x00421cb0
0x00421cbc
0x00421cbf
0x00421cc5
0x00421cc7
0x00000000
0x00000000
0x00421cc9
0x00421cc9
0x00421ccf
0x00421cd2
0x00421cd4
0x00000000
0x00000000
0x00421cd6
0x00421cdc
0x00421cdf
0x00421cdf
0x00421ce7
0x00421ced
0x00421cf0
0x00421cf2
0x00421d52
0x00422302
0x00422302
0x00422306
0x00000000
0x00000000
0x00000000
0x00422306
0x00422302
0x00000000
0x0042200b
0x0042200b
0x00000000
0x00000000
0x00422027
0x00422027
0x00422031
0x00422031
0x0042203b
0x0042203b
0x00422041
0x00422043
0x0042204d
0x0042204d
0x00422050
0x00422053
0x00422053
0x0042207a
0x0042207d
0x0042207d
0x00422082
0x004220a4
0x004220a4
0x004220aa
0x004220cc
0x004220cc
0x004220cf
0x00422116
0x00422116
0x00422119
0x00422136
0x0042213a
0x00422142
0x00422142
0x00422144
0x0042214a
0x0042211b
0x0042211b
0x0042211f
0x00422127
0x00422128
0x0042212e
0x0042212e
0x004220d1
0x004220d4
0x004220d4
0x004220d7
0x004220f5
0x00422101
0x00422104
0x00422105
0x0042210b
0x004220d9
0x004220d9
0x004220dd
0x004220e5
0x004220e6
0x004220e7
0x004220ed
0x004220ed
0x00422111
0x004220ac
0x004220ac
0x004220b8
0x004220be
0x004220be
0x00422084
0x00422084
0x00422090
0x00422096
0x00422096
0x00422153
0x00422153
0x00422156
0x00422198
0x00422198
0x0042219e
0x004221a4
0x004221aa
0x00000000
0x00422158
0x00422158
0x00422158
0x0042215f
0x00000000
0x00000000
0x00422161
0x00422161
0x0042216c
0x00422172
0x00422174
0x0042217a
0x0042217d
0x0042217f
0x00422185
0x0042218e
0x00422193
0x004221b0
0x004221b3
0x004221b3
0x004221b8
0x004221bd
0x004221bd
0x004221c3
0x004221c5
0x004221cb
0x004221d1
0x004221d1
0x004221da
0x004221da
0x004221c3
0x004221e0
0x004221e4
0x004221f2
0x004221f5
0x004221f8
0x004221ff
0x00422201
0x00422201
0x004221e6
0x004221e6
0x004221e6
0x0042220e
0x0042220e
0x00422214
0x00422216
0x00422216
0x0042221d
0x00422220
0x00422223
0x00422223
0x00422223
0x00422229
0x0042222c
0x0042222f
0x00422231
0x00000000
0x00000000
0x00422233
0x00422239
0x00422239
0x0042223f
0x00000000
0x00000000
0x00422241
0x00422241
0x00422244
0x00422247
0x0042224e
0x00422255
0x0042225d
0x00422263
0x00422266
0x00422269
0x00422270
0x0042227c
0x00422282
0x00422288
0x0042228f
0x00422291
0x00422297
0x00422297
0x0042229d
0x0042229d
0x004222a3
0x004222a6
0x004222ac
0x004222b1
0x004222b4
0x00422223
0x00422223
0x00422229
0x0042222c
0x0042222f
0x00422231
0x00000000
0x00000000
0x00000000
0x00422231
0x00422223
0x00422163
0x00422163
0x0042216a
0x00000000
0x00000000
0x00000000
0x0042216a
0x00000000
0x00422302
0x00422302
0x00422306
0x00000000
0x00000000
0x00000000
0x00422306
0x00000000
0x00000000
0x004218c1
0x004218c4
0x004218c7
0x00000000
0x00000000
0x004218cc
0x004218cf
0x004218d4
0x00000000
0x00000000
0x004218b6
0x004218b6
0x004218b9
0x004218bc
0x00000000
0x00000000
0x004218ab
0x004218ae
0x004218b1
0x00000000
0x00000000
0x004218d9
0x004218d9
0x004218dc
0x004218dc
0x004218df
0x00000000
0x00000000
0x004218e2
0x00000000
0x00000000
0x0042167e
0x00421680
0x0042168e
0x00421682
0x00421682
0x00421682
0x00421698
0x0042169e
0x004216ab
0x004216ad
0x004216b2
0x004216b4
0x004216b9
0x004216be
0x004216c0
0x004216c5
0x004216cb
0x004216cd
0x004216cd
0x004216cb
0x004216ce
0x004216d5
0x00000000
0x004216d7
0x004216dc
0x004216f8
0x00421700
0x0042170d
0x00421712
0x00000000
0x00421712
0x004216d5
0x00421678
0x0042250d
0x00422514
0x0042252b
0x0042252b
0x00422535
0x00422535
0x0042253b
0x00422548
0x0042254a
0x0042254f
0x00422551
0x00422556
0x0042255b
0x0042255d
0x00422562
0x00422568
0x0042256a
0x0042256a
0x00422568
0x00422572
0x004225bd
0x004225c6
0x004225cb
0x00422574
0x00422579
0x00422595
0x0042259d
0x004225aa
0x004225af
0x004225af
0x00000000
0x00422572
0x00422516
0x0042251d
0x00000000
0x00000000
0x0042251f
0x0042251f
0x00000000
0x0042251f
0x00421dcf
0x00421dcf
0x00421dd4
0x00421df0
0x00421df8
0x00421e02
0x00421e05
0x00421e0a
0x004225d1
0x004225de
0x004225de
0x00421e1a
0x00421e20
0x00421e40
0x00421e22
0x00421e2f
0x00421e2f
0x00421e42
0x00000000
0x00421e42

APIs

_get_int_arg.LIBCMTD ref: 00421D5B
__get_printf_count_output.LIBCMTD ref: 00421D69
__invalid_parameter.LIBCMTD ref: 00421DF0
_LocaleUpdate::~_LocaleUpdate.LIBCMTD ref: 00421E05
_write_multi_char.LIBCMTD ref: 0042237E
_write_string.LIBCMTD ref: 00422399
_write_multi_char.LIBCMTD ref: 004223C5
_wctomb_s.LIBCMTD ref: 00422442

Strings

f:\dd\vctools\crt_bld\self_x86\crt\src\output.c, xrefs: 004216B9, 004216E9, 00421DB1, 00421DE1
_output_s_l, xrefs: 004216EE, 00421DE6
-, xrefs: 0042231E
("'n' format specifier disabled", 0), xrefs: 00421DA5, 00421DEB
("Incorrect format specifier", 0), xrefs: 004216AD, 004216F3

Memory Dump Source

Source File: 00000000.00000002.254379313.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.254298173.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.254460883.0000000000427000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255654257.000000000060A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255687103.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255765961.0000000000635000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_mzQcZawXvh.jbxd

Similarity

API ID: Locale_write_multi_char$UpdateUpdate::~___get_printf_count_output__invalid_parameter_get_int_arg_wctomb_s_write_string
String ID: ("'n' format specifier disabled", 0)$("Incorrect format specifier", 0)$-$_output_s_l$f:\dd\vctools\crt_bld\self_x86\crt\src\output.c
API String ID: 2357813345-2363074782
Opcode ID: 4379c1649036bee3251d9156f27b723a57a31022ea91d637b3a0e5bb61386255
Instruction ID: f04e039f0e8840ec5d1dba2a48301279b6c1ace4557b27e78eccaaa2793702d2
Opcode Fuzzy Hash: 4379c1649036bee3251d9156f27b723a57a31022ea91d637b3a0e5bb61386255
Instruction Fuzzy Hash: ABA1AF70E01228ABDF24DF54DD49BEEB7B0AB58304F9481DAE4097A291D7B85E80CF59

Uniqueness

Uniqueness Score: -1.00%

Function 00413277 Relevance: 28.1, APIs: 6, Strings: 10, Instructions: 100
windowCOMMON

Download Yara Rule

C-Code - Quality: 59%

			E00413277() {
				intOrPtr _t36;
				intOrPtr* _t37;
				void* _t40;
				void* _t48;
				void* _t62;
				void* _t63;
				signed int _t64;
				void* _t66;
				void* _t67;

				 *(_t64 - 0x114c) = "...";
				if( *((intOrPtr*)(_t64 + 0x14)) == 0) {
					 *(_t64 - 0x1150) = 0x403d78;
				} else {
					 *(_t64 - 0x1150) = "\nModule: ";
				}
				_push( *((intOrPtr*)(_t64 - 0x1124)));
				_push( *((intOrPtr*)(_t64 - 0x1128)));
				_push( *((intOrPtr*)(_t64 - 0x112c)));
				_push( *((intOrPtr*)(_t64 - 0x1130)));
				_push( *((intOrPtr*)(_t64 - 0x1134)));
				_push( *((intOrPtr*)(_t64 - 0x1138)));
				_push( *((intOrPtr*)(_t64 - 0x113c)));
				_push( *((intOrPtr*)(_t64 - 0x1140)));
				_push( *((intOrPtr*)(_t64 - 0x1144)));
				_push( *(_t64 - 0x114c));
				_push( *(_t64 - 0x1150));
				_push( *((intOrPtr*)(_t64 - 8)));
				_t61 =  *(_t64 + 8);
				_t53 = _t64 - 0x1010;
				_t36 = E00416AA0(_t64 - 0x1010, _t64 - 0x1010, 0x1000, 0xfff, "Debug %s!\n\nProgram: %s%s%s%s%s%s%s%s%s%s%s%s\n\n(Press Retry to debug the application)",  *((intOrPtr*)(0x4048a8 +  *(_t64 + 8) * 4)));
				_t67 = _t66 + 0x44;
				 *((intOrPtr*)(_t64 - 0xc)) = _t36;
				if( *((intOrPtr*)(_t64 - 0xc)) < 0) {
					_t61 =  *(L0040EC70(_t53));
					E0040D870( *(L0040EC70(_t53)), 0x16, 0x22, L"(*_errno())", L"__crtMessageWindowA", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\dbgrpt.c", 0x160, 0);
					_t67 = _t67 + 0x20;
				}
				_t37 = L0040EC70(_t53);
				_t54 =  *((intOrPtr*)(_t64 - 0x1120));
				 *_t37 =  *((intOrPtr*)(_t64 - 0x1120));
				if( *((intOrPtr*)(_t64 - 0xc)) < 0) {
					_t61 = _t64 - 0x1010;
					E0040DDE0(E0040D960(_t48, _t54, _t63, _t64 - 0x1010, 0x1000, "_CrtDbgReport: String too long or IO Error"), _t44, L"strcpy_s(szOutMessage, 4096, \"_CrtDbgReport: String too long or IO Error\")", L"__crtMessageWindowA", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\dbgrpt.c", 0x165, 0);
					_t67 = _t67 + 0x24;
				}
				 *((intOrPtr*)(_t64 - 0x111c)) = E0041A080(_t64 - 0x1010, "Microsoft Visual C++ Debug Library", 0x12012);
				if( *((intOrPtr*)(_t64 - 0x111c)) == 3) {
					E004183D0(0x16);
					E0040FB80(3);
				}
				if( *((intOrPtr*)(_t64 - 0x111c)) != 4) {
					_t40 = 0;
				} else {
					_t40 = 1;
				}
				return E00416CA0(_t40, _t48,  *(_t64 - 0x10) ^ _t64, _t61, _t62, _t63);
			}

0x00413277
0x00413291
0x0041329f
0x00413293
0x00413293
0x00413293
0x004132af
0x004132b6
0x004132bd
0x004132c4
0x004132cb
0x004132d2
0x004132d9
0x004132e0
0x004132e7
0x004132ee
0x004132f5
0x004132f9
0x004132fa
0x00413314
0x0041331b
0x00413320
0x00413323
0x0041332a
0x0041334b
0x0041334e
0x00413353
0x00413353
0x00413356
0x0041335b
0x00413361
0x00413367
0x00413389
0x00413399
0x0041339e
0x0041339e
0x004133ba
0x004133c7
0x004133cb
0x004133d5
0x004133d5
0x004133e1
0x004133ea
0x004133e3
0x004133e3
0x004133e3
0x004133f9

APIs

__snwprintf_s.LIBCMTD ref: 0041331B
__invoke_watson_if_oneof.LIBCMTD ref: 0041334E
_wcscpy_s.LIBCMTD ref: 00413390
__invoke_watson_if_error.LIBCMTD ref: 00413399
___crtMessageBoxW.LIBCMTD ref: 004133B2
_raise.LIBCMTD ref: 004133CB

Strings

(*_errno()), xrefs: 0041333D
__crtMessageWindowA, xrefs: 00413338, 00413375
strcpy_s(szOutMessage, 4096, "_CrtDbgReport: String too long or IO Error"), xrefs: 0041337A
(F@, xrefs: 004132E8, 004132EE
..., xrefs: 00413277
Module: , xrefs: 00413293
_CrtDbgReport: String too long or IO Error, xrefs: 0041337F
Microsoft Visual C++ Debug Library, xrefs: 004133A6
f:\dd\vctools\crt_bld\self_x86\crt\src\dbgrpt.c, xrefs: 00413333, 00413370
Debug %s!Program: %s%s%s%s%s%s%s%s%s%s%s%s(Press Retry to debug the application), xrefs: 00413305

Memory Dump Source

Source File: 00000000.00000002.254379313.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.254298173.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.254460883.0000000000427000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255654257.000000000060A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255687103.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255765961.0000000000635000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_mzQcZawXvh.jbxd

Similarity

API ID: Message___crt__invoke_watson_if_error__invoke_watson_if_oneof__snwprintf_s_raise_wcscpy_s
String ID: Module: $(*_errno())$(F@$...$Debug %s!Program: %s%s%s%s%s%s%s%s%s%s%s%s(Press Retry to debug the application)$Microsoft Visual C++ Debug Library$_CrtDbgReport: String too long or IO Error$__crtMessageWindowA$f:\dd\vctools\crt_bld\self_x86\crt\src\dbgrpt.c$strcpy_s(szOutMessage, 4096, "_CrtDbgReport: String too long or IO Error")
API String ID: 1485069716-1383134714
Opcode ID: 084fbd19bc64d9b4e91a7dfe196a2bb5c3f80f70233bfa58c57a5ed39142056d
Instruction ID: bb5b7e96d912d55e4cae483aa32f5a6e984fe357a54508584bab1faaa77bc80f
Opcode Fuzzy Hash: 084fbd19bc64d9b4e91a7dfe196a2bb5c3f80f70233bfa58c57a5ed39142056d
Instruction Fuzzy Hash: 423195B5E40218BBDB24EE91CC46FDA73B4AB48745F0041AAF308762C1D6B85BD4CF59

Uniqueness

Uniqueness Score: -1.00%

Function 004235FA Relevance: 26.5, APIs: 11, Strings: 4, Instructions: 238
COMMON

Download Yara Rule

C-Code - Quality: 69%

			E004235FA(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int* _t482;
				signed int _t486;
				void* _t491;
				signed int _t493;
				void* _t501;
				void* _t519;
				signed int _t523;
				void* _t534;
				signed int _t576;
				void* _t598;
				void* _t599;
				signed int _t600;
				void* _t602;
				void* _t603;

				L0:
				while(1) {
					L0:
					_t599 = __esi;
					_t598 = __edi;
					_t534 = __ebx;
					_t482 = E0041C290(_t600 + 0x14);
					_t603 = _t602 + 4;
					 *(_t600 - 0x484) = _t482;
					if(E00420F80() != 0) {
						goto L115;
					}
					L106:
					__ecx = 0;
					if(0 == 0) {
						 *(__ebp - 0x4f4) = 0;
					} else {
						 *(__ebp - 0x4f4) = 1;
					}
					__edx =  *(__ebp - 0x4f4);
					 *(__ebp - 0x488) =  *(__ebp - 0x4f4);
					if( *(__ebp - 0x488) == 0) {
						_push(L"(\"\'n\' format specifier disabled\", 0)");
						_push(0);
						_push(0x695);
						_push(L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c");
						_push(2);
						__eax = L0040E1A0();
						__esp = __esp + 0x14;
						if(__eax == 1) {
							asm("int3");
						}
					}
					if( *(__ebp - 0x488) != 0) {
						L114:
						while(1) {
							L187:
							if( *(_t600 - 0x28) != 0) {
								goto L212;
							}
							L188:
							if(( *(_t600 - 0x10) & 0x00000040) != 0) {
								if(( *(_t600 - 0x10) & 0x00000100) == 0) {
									if(( *(_t600 - 0x10) & 0x00000001) == 0) {
										if(( *(_t600 - 0x10) & 0x00000002) != 0) {
											 *((short*)(_t600 - 0x14)) = 0x20;
											 *(_t600 - 0x1c) = 1;
										}
									} else {
										 *((short*)(_t600 - 0x14)) = 0x2b;
										 *(_t600 - 0x1c) = 1;
									}
								} else {
									 *((short*)(_t600 - 0x14)) = 0x2d;
									 *(_t600 - 0x1c) = 1;
								}
							}
							 *((intOrPtr*)(_t600 - 0x4ac)) =  *((intOrPtr*)(_t600 - 0x18)) -  *(_t600 - 0x24) -  *(_t600 - 0x1c);
							if(( *(_t600 - 0x10) & 0x0000000c) == 0) {
								E00423FF0(0x20,  *((intOrPtr*)(_t600 - 0x4ac)),  *((intOrPtr*)(_t600 + 8)), _t600 - 0x44c);
								_t603 = _t603 + 0x10;
							}
							E00424030( *(_t600 - 0x1c), _t600 - 0x14,  *(_t600 - 0x1c),  *((intOrPtr*)(_t600 + 8)), _t600 - 0x44c);
							_t603 = _t603 + 0x10;
							if(( *(_t600 - 0x10) & 0x00000008) != 0) {
								if(( *(_t600 - 0x10) & 0x00000004) == 0) {
									E00423FF0(0x30,  *((intOrPtr*)(_t600 - 0x4ac)),  *((intOrPtr*)(_t600 + 8)), _t600 - 0x44c);
									_t603 = _t603 + 0x10;
								}
							}
							if( *(_t600 - 0xc) != 0) {
								L208:
								E00424030( *(_t600 - 0x24),  *((intOrPtr*)(_t600 - 4)),  *(_t600 - 0x24),  *((intOrPtr*)(_t600 + 8)), _t600 - 0x44c);
								_t603 = _t603 + 0x10;
								goto L209;
							} else {
								L201:
								if( *(_t600 - 0x24) <= 0) {
									goto L208;
								}
								L202:
								 *((intOrPtr*)(_t600 - 0x4b0)) =  *((intOrPtr*)(_t600 - 4));
								 *(_t600 - 0x4b4) =  *(_t600 - 0x24);
								while(1) {
									L203:
									 *(_t600 - 0x4b4) =  *(_t600 - 0x4b4) - 1;
									if( *(_t600 - 0x4b4) <= 0) {
										break;
									}
									L204:
									_t519 = E0040D3B0(_t600 - 0x40);
									_t523 = E00419150(_t600 - 0x458,  *((intOrPtr*)(_t600 - 0x4b0)),  *((intOrPtr*)( *((intOrPtr*)(E0040D3B0(_t600 - 0x40))) + 0xac)), _t519);
									_t603 = _t603 + 0x10;
									 *(_t600 - 0x4b8) = _t523;
									if( *(_t600 - 0x4b8) > 0) {
										L206:
										E00423F90( *(_t600 - 0x458) & 0x0000ffff,  *((intOrPtr*)(_t600 + 8)), _t600 - 0x44c);
										_t603 = _t603 + 0xc;
										 *((intOrPtr*)(_t600 - 0x4b0)) =  *((intOrPtr*)(_t600 - 0x4b0)) +  *(_t600 - 0x4b8);
										continue;
									}
									L205:
									 *(_t600 - 0x44c) = 0xffffffff;
									break;
								}
								L207:
								L209:
								if( *(_t600 - 0x44c) >= 0) {
									if(( *(_t600 - 0x10) & 0x00000004) != 0) {
										E00423FF0(0x20,  *((intOrPtr*)(_t600 - 0x4ac)),  *((intOrPtr*)(_t600 + 8)), _t600 - 0x44c);
										_t603 = _t603 + 0x10;
									}
								}
							}
							L212:
							if( *(_t600 - 0x20) != 0) {
								L0040C240( *(_t600 - 0x20), 2);
								_t603 = _t603 + 8;
								 *(_t600 - 0x20) = 0;
							}
							while(1) {
								L214:
								 *(_t600 - 0x454) =  *((intOrPtr*)( *((intOrPtr*)(_t600 + 0xc))));
								_t538 =  *(_t600 - 0x454) & 0x0000ffff;
								 *((intOrPtr*)(_t600 + 0xc)) =  *((intOrPtr*)(_t600 + 0xc)) + 2;
								if(( *(_t600 - 0x454) & 0x0000ffff) == 0 ||  *(_t600 - 0x44c) < 0) {
									break;
								} else {
									if(( *(_t600 - 0x454) & 0x0000ffff) < 0x20 || ( *(_t600 - 0x454) & 0x0000ffff) > 0x78) {
										 *(_t600 - 0x4d8) = 0;
									} else {
										 *(_t600 - 0x4d8) =  *(( *(_t600 - 0x454) & 0x0000ffff) + L"pecifier\", 0)") & 0xf;
									}
								}
								L7:
								 *(_t600 - 0x450) =  *(_t600 - 0x4d8);
								_t576 =  *(_t600 - 0x450) * 9;
								_t493 =  *(_t600 - 0x45c);
								_t546 = ( *(_t576 + _t493 + 0x4083d0) & 0x000000ff) >> 4;
								 *(_t600 - 0x45c) = ( *(_t576 + _t493 + 0x4083d0) & 0x000000ff) >> 4;
								if( *(_t600 - 0x45c) != 8) {
									L16:
									 *(_t600 - 0x4e0) =  *(_t600 - 0x45c);
									if( *(_t600 - 0x4e0) > 7) {
										continue;
									}
									L17:
									switch( *((intOrPtr*)( *(_t600 - 0x4e0) * 4 +  &M00423E84))) {
										case 0:
											L18:
											 *(_t600 - 0xc) = 1;
											E00423F90( *(_t600 - 0x454) & 0x0000ffff,  *((intOrPtr*)(_t600 + 8)), _t600 - 0x44c);
											_t603 = _t603 + 0xc;
											goto L214;
										case 1:
											L19:
											 *(__ebp - 0x2c) = 0;
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x28) = __ecx;
											__edx =  *(__ebp - 0x28);
											 *(__ebp - 0x18) =  *(__ebp - 0x28);
											__eax =  *(__ebp - 0x18);
											 *(__ebp - 0x1c) =  *(__ebp - 0x18);
											 *(__ebp - 0x10) = 0;
											 *(__ebp - 0x30) = 0xffffffff;
											 *(__ebp - 0xc) = 0;
											goto L214;
										case 2:
											L20:
											__ecx =  *(__ebp - 0x454) & 0x0000ffff;
											 *(__ebp - 0x4e4) = __ecx;
											 *(__ebp - 0x4e4) =  *(__ebp - 0x4e4) - 0x20;
											 *(__ebp - 0x4e4) =  *(__ebp - 0x4e4) - 0x20;
											__eflags =  *(__ebp - 0x4e4) - 0x10;
											if( *(__ebp - 0x4e4) > 0x10) {
												goto L27;
											}
											L21:
											_t58 =  *(__ebp - 0x4e4) + 0x423ebc; // 0x498d04
											__ecx =  *_t58 & 0x000000ff;
											switch( *((intOrPtr*)(__ecx * 4 +  &M00423EA4))) {
												case 0:
													goto L24;
												case 1:
													goto L25;
												case 2:
													goto L23;
												case 3:
													goto L22;
												case 4:
													goto L26;
												case 5:
													goto L27;
											}
										case 3:
											L28:
											__ecx =  *(__ebp - 0x454) & 0x0000ffff;
											__eflags = ( *(__ebp - 0x454) & 0x0000ffff) - 0x2a;
											if(( *(__ebp - 0x454) & 0x0000ffff) != 0x2a) {
												__edx =  *(__ebp - 0x18);
												__edx =  *(__ebp - 0x18) * 0xa;
												__eflags = __edx;
												_t82 = ( *(__ebp - 0x454) & 0x0000ffff) - 0x30; // -48
												__ecx = __edx + _t82;
												 *(__ebp - 0x18) = __ecx;
											} else {
												__edx = __ebp + 0x14;
												 *(__ebp - 0x18) = E0041C290(__ebp + 0x14);
												__eflags =  *(__ebp - 0x18);
												if( *(__ebp - 0x18) < 0) {
													__eax =  *(__ebp - 0x10);
													__eax =  *(__ebp - 0x10) | 0x00000004;
													__eflags = __eax;
													 *(__ebp - 0x10) = __eax;
													__ecx =  *(__ebp - 0x18);
													__ecx =  ~( *(__ebp - 0x18));
													 *(__ebp - 0x18) = __ecx;
												}
											}
											L33:
											goto L214;
										case 4:
											L34:
											 *(__ebp - 0x30) = 0;
											goto L214;
										case 5:
											L35:
											__edx =  *(__ebp - 0x454) & 0x0000ffff;
											__eflags = ( *(__ebp - 0x454) & 0x0000ffff) - 0x2a;
											if(( *(__ebp - 0x454) & 0x0000ffff) != 0x2a) {
												__ecx =  *(__ebp - 0x30);
												__ecx =  *(__ebp - 0x30) * 0xa;
												__eflags = __ecx;
												_t93 = ( *(__ebp - 0x454) & 0x0000ffff) - 0x30; // -48
												__eax = __ecx + _t93;
												 *(__ebp - 0x30) = __ecx + _t93;
											} else {
												__eax = __ebp + 0x14;
												 *(__ebp - 0x30) = E0041C290(__ebp + 0x14);
												__eflags =  *(__ebp - 0x30);
												if( *(__ebp - 0x30) < 0) {
													 *(__ebp - 0x30) = 0xffffffff;
												}
											}
											goto L214;
										case 6:
											L41:
											__ecx =  *(__ebp - 0x454) & 0x0000ffff;
											 *(__ebp - 0x4e8) = __ecx;
											 *(__ebp - 0x4e8) =  *(__ebp - 0x4e8) - 0x49;
											 *(__ebp - 0x4e8) =  *(__ebp - 0x4e8) - 0x49;
											__eflags =  *(__ebp - 0x4e8) - 0x2e;
											if( *(__ebp - 0x4e8) > 0x2e) {
												L64:
												goto L214;
											}
											L42:
											_t101 =  *(__ebp - 0x4e8) + 0x423ee4; // 0x36f19003
											__ecx =  *_t101 & 0x000000ff;
											switch( *((intOrPtr*)(__ecx * 4 +  &M00423ED0))) {
												case 0:
													L47:
													__ecx =  *(__ebp + 0xc);
													__edx =  *( *(__ebp + 0xc)) & 0x0000ffff;
													__eflags = ( *( *(__ebp + 0xc)) & 0x0000ffff) - 0x36;
													if(( *( *(__ebp + 0xc)) & 0x0000ffff) != 0x36) {
														L50:
														__ecx =  *(__ebp + 0xc);
														__edx =  *( *(__ebp + 0xc)) & 0x0000ffff;
														__eflags = ( *( *(__ebp + 0xc)) & 0x0000ffff) - 0x33;
														if(( *( *(__ebp + 0xc)) & 0x0000ffff) != 0x33) {
															L53:
															__ecx =  *(__ebp + 0xc);
															__edx =  *__ecx & 0x0000ffff;
															__eflags = ( *__ecx & 0x0000ffff) - 0x64;
															if(( *__ecx & 0x0000ffff) == 0x64) {
																L59:
																L61:
																goto L64;
															}
															L54:
															__eax =  *(__ebp + 0xc);
															__ecx =  *( *(__ebp + 0xc)) & 0x0000ffff;
															__eflags = __ecx - 0x69;
															if(__ecx == 0x69) {
																goto L59;
															}
															L55:
															__edx =  *(__ebp + 0xc);
															__eax =  *( *(__ebp + 0xc)) & 0x0000ffff;
															__eflags = ( *( *(__ebp + 0xc)) & 0x0000ffff) - 0x6f;
															if(( *( *(__ebp + 0xc)) & 0x0000ffff) == 0x6f) {
																goto L59;
															}
															L56:
															__ecx =  *(__ebp + 0xc);
															__edx =  *__ecx & 0x0000ffff;
															__eflags = ( *__ecx & 0x0000ffff) - 0x75;
															if(( *__ecx & 0x0000ffff) == 0x75) {
																goto L59;
															}
															L57:
															__eax =  *(__ebp + 0xc);
															__ecx =  *( *(__ebp + 0xc)) & 0x0000ffff;
															__eflags = __ecx - 0x78;
															if(__ecx == 0x78) {
																goto L59;
															}
															L58:
															__edx =  *(__ebp + 0xc);
															__eax =  *( *(__ebp + 0xc)) & 0x0000ffff;
															__eflags = ( *( *(__ebp + 0xc)) & 0x0000ffff) - 0x58;
															if(( *( *(__ebp + 0xc)) & 0x0000ffff) != 0x58) {
																 *(__ebp - 0x45c) = 0;
																goto L18;
															}
															goto L59;
														}
														L51:
														__eax =  *(__ebp + 0xc);
														__ecx =  *( *(__ebp + 0xc) + 2) & 0x0000ffff;
														__eflags = __ecx - 0x32;
														if(__ecx != 0x32) {
															goto L53;
														} else {
															 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
															 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0xffff7fff;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0xffff7fff;
															goto L61;
														}
													}
													L48:
													__eax =  *(__ebp + 0xc);
													__ecx =  *( *(__ebp + 0xc) + 2) & 0x0000ffff;
													__eflags = __ecx - 0x34;
													if(__ecx != 0x34) {
														goto L50;
													} else {
														 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
														 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00008000;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00008000;
														goto L61;
													}
												case 1:
													L62:
													__ecx =  *(__ebp - 0x10);
													__ecx =  *(__ebp - 0x10) | 0x00000020;
													 *(__ebp - 0x10) = __ecx;
													goto L64;
												case 2:
													L43:
													__edx =  *(__ebp + 0xc);
													__eax =  *( *(__ebp + 0xc)) & 0x0000ffff;
													__eflags = ( *( *(__ebp + 0xc)) & 0x0000ffff) - 0x6c;
													if(( *( *(__ebp + 0xc)) & 0x0000ffff) != 0x6c) {
														__eax =  *(__ebp - 0x10);
														__eax =  *(__ebp - 0x10) | 0x00000010;
														__eflags = __eax;
														 *(__ebp - 0x10) = __eax;
													} else {
														__ecx =  *(__ebp + 0xc);
														__ecx =  *(__ebp + 0xc) + 2;
														 *(__ebp + 0xc) = __ecx;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00001000;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00001000;
													}
													goto L64;
												case 3:
													L63:
													__edx =  *(__ebp - 0x10);
													__edx =  *(__ebp - 0x10) | 0x00000800;
													__eflags = __edx;
													 *(__ebp - 0x10) = __edx;
													goto L64;
												case 4:
													goto L64;
											}
										case 7:
											L65:
											__eax =  *(__ebp - 0x454) & 0x0000ffff;
											 *(__ebp - 0x4ec) =  *(__ebp - 0x454) & 0x0000ffff;
											__ecx =  *(__ebp - 0x4ec);
											__ecx =  *(__ebp - 0x4ec) - 0x41;
											 *(__ebp - 0x4ec) = __ecx;
											__eflags =  *(__ebp - 0x4ec) - 0x37;
											if( *(__ebp - 0x4ec) > 0x37) {
												goto L187;
												do {
													do {
														while(1) {
															L187:
															if( *(_t600 - 0x28) != 0) {
																goto L212;
															}
															goto L188;
														}
														L183:
														__ebp - 0x249 = __ebp - 0x249 -  *(__ebp - 4);
														 *(__ebp - 0x24) = __ebp - 0x249 -  *(__ebp - 4);
														__ecx =  *(__ebp - 4);
														__ecx =  *(__ebp - 4) + 1;
														 *(__ebp - 4) = __ecx;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000200;
														__eflags =  *(__ebp - 0x10) & 0x00000200;
													} while (( *(__ebp - 0x10) & 0x00000200) == 0);
													__eflags =  *(__ebp - 0x24);
													if( *(__ebp - 0x24) == 0) {
														break;
													}
													L185:
													__eax =  *(__ebp - 4);
													__ecx =  *( *(__ebp - 4));
													__eflags = __ecx - 0x30;
												} while (__ecx == 0x30);
												L186:
												 *(__ebp - 4) =  *(__ebp - 4) - 1;
												 *(__ebp - 4) =  *(__ebp - 4) - 1;
												__eax =  *(__ebp - 4);
												 *( *(__ebp - 4)) = 0x30;
												__ecx =  *(__ebp - 0x24);
												__ecx =  *(__ebp - 0x24) + 1;
												__eflags = __ecx;
												 *(__ebp - 0x24) = __ecx;
												while(1) {
													L187:
													if( *(_t600 - 0x28) != 0) {
														goto L212;
													}
													goto L188;
												}
											}
											L66:
											_t142 =  *(__ebp - 0x4ec) + 0x423f50; // 0xcccccc0d
											__eax =  *_t142 & 0x000000ff;
											switch( *((intOrPtr*)(( *_t142 & 0x000000ff) * 4 +  &M00423F14))) {
												case 0:
													L119:
													 *(__ebp - 0x2c) = 1;
													 *(__ebp - 0x454) & 0x0000ffff = ( *(__ebp - 0x454) & 0x0000ffff) + 0x20;
													__eflags = ( *(__ebp - 0x454) & 0x0000ffff) + 0x20;
													 *(__ebp - 0x454) = __ax;
													goto L120;
												case 1:
													L67:
													 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000830;
													__eflags =  *(__ebp - 0x10) & 0x00000830;
													if(( *(__ebp - 0x10) & 0x00000830) == 0) {
														__edx =  *(__ebp - 0x10);
														__edx =  *(__ebp - 0x10) | 0x00000020;
														__eflags = __edx;
														 *(__ebp - 0x10) = __edx;
													}
													goto L69;
												case 2:
													L82:
													 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000830;
													__eflags =  *(__ebp - 0x10) & 0x00000830;
													if(( *(__ebp - 0x10) & 0x00000830) == 0) {
														__ecx =  *(__ebp - 0x10);
														__ecx =  *(__ebp - 0x10) | 0x00000020;
														__eflags = __ecx;
														 *(__ebp - 0x10) = __ecx;
													}
													goto L84;
												case 3:
													L143:
													 *(__ebp - 0x460) = 7;
													goto L145;
												case 4:
													L75:
													__eax = __ebp + 0x14;
													 *(__ebp - 0x474) = E0041C290(__ebp + 0x14);
													__eflags =  *(__ebp - 0x474);
													if( *(__ebp - 0x474) == 0) {
														L77:
														__edx =  *0x60b4f0; // 0x407424
														 *(__ebp - 4) = __edx;
														__eax =  *(__ebp - 4);
														 *(__ebp - 0x24) = E0040DC40( *(__ebp - 4));
														L81:
														goto L187;
													}
													L76:
													__ecx =  *(__ebp - 0x474);
													__eflags =  *(__ecx + 4);
													if( *(__ecx + 4) != 0) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000800;
														__eflags =  *(__ebp - 0x10) & 0x00000800;
														if(( *(__ebp - 0x10) & 0x00000800) == 0) {
															 *(__ebp - 0xc) = 0;
															__edx =  *(__ebp - 0x474);
															__eax =  *(__edx + 4);
															 *(__ebp - 4) =  *(__edx + 4);
															__ecx =  *(__ebp - 0x474);
															__edx =  *__ecx;
															 *(__ebp - 0x24) =  *__ecx;
														} else {
															__edx =  *(__ebp - 0x474);
															__eax =  *(__edx + 4);
															 *(__ebp - 4) =  *(__edx + 4);
															__ecx =  *(__ebp - 0x474);
															__eax =  *__ecx;
															asm("cdq");
															 *__ecx - __edx =  *__ecx - __edx >> 1;
															 *(__ebp - 0x24) =  *__ecx - __edx >> 1;
															 *(__ebp - 0xc) = 1;
														}
														goto L81;
													}
													goto L77;
												case 5:
													L120:
													 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000040;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000040;
													__edx = __ebp - 0x448;
													 *(__ebp - 4) = __ebp - 0x448;
													 *(__ebp - 0x44) = 0x200;
													__eflags =  *(__ebp - 0x30);
													if( *(__ebp - 0x30) >= 0) {
														L122:
														__eflags =  *(__ebp - 0x30);
														if( *(__ebp - 0x30) != 0) {
															L125:
															__eflags =  *(__ebp - 0x30) - 0x200;
															if( *(__ebp - 0x30) > 0x200) {
																 *(__ebp - 0x30) = 0x200;
															}
															L127:
															__eflags =  *(__ebp - 0x30) - 0xa3;
															if( *(__ebp - 0x30) > 0xa3) {
																__ecx =  *(__ebp - 0x30);
																__ecx =  *(__ebp - 0x30) + 0x15d;
																 *(__ebp - 0x20) = L0040B5C0( *(__ebp - 0x30) + 0x15d,  *(__ebp - 0x30) + 0x15d, 2, "f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c", 0x6da);
																__eflags =  *(__ebp - 0x20);
																if( *(__ebp - 0x20) == 0) {
																	 *(__ebp - 0x30) = 0xa3;
																} else {
																	__edx =  *(__ebp - 0x20);
																	 *(__ebp - 4) =  *(__ebp - 0x20);
																	 *(__ebp - 0x30) =  *(__ebp - 0x30) + 0x15d;
																	 *(__ebp - 0x44) =  *(__ebp - 0x30) + 0x15d;
																}
															}
															 *(__ebp + 0x14) =  *(__ebp + 0x14) + 8;
															 *(__ebp + 0x14) =  *(__ebp + 0x14) + 8;
															__edx =  *(__ebp + 0x14);
															__eax =  *(__edx - 8);
															__ecx =  *(__edx - 4);
															 *(__ebp - 0x490) =  *(__edx - 8);
															 *(__ebp - 0x48c) =  *(__edx - 4);
															__ecx = __ebp - 0x40;
															_push(E0040D3B0(__ebp - 0x40));
															__edx =  *(__ebp - 0x2c);
															_push( *(__ebp - 0x2c));
															__eax =  *(__ebp - 0x30);
															_push( *(__ebp - 0x30));
															__ecx =  *(__ebp - 0x454);
															_push( *(__ebp - 0x454));
															__edx =  *(__ebp - 0x44);
															_push( *(__ebp - 0x44));
															__eax =  *(__ebp - 4);
															_push( *(__ebp - 4));
															__ecx = __ebp - 0x490;
															_push(__ebp - 0x490);
															__edx =  *0x60b3cc; // 0x7e8c4bdb
															E00410200(__edx) =  *__eax();
															__esp = __esp + 0x1c;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000080;
															__eflags =  *(__ebp - 0x10) & 0x00000080;
															if(( *(__ebp - 0x10) & 0x00000080) != 0) {
																__eflags =  *(__ebp - 0x30);
																if( *(__ebp - 0x30) == 0) {
																	__ecx = __ebp - 0x40;
																	_push(E0040D3B0(__ebp - 0x40));
																	__ecx =  *(__ebp - 4);
																	_push( *(__ebp - 4));
																	__edx =  *0x60b3d8; // 0x7e8c4bdb
																	E00410200(__edx) =  *__eax();
																	__esp = __esp + 8;
																}
															}
															__eax =  *(__ebp - 0x454) & 0x0000ffff;
															__eflags = ( *(__ebp - 0x454) & 0x0000ffff) - 0x67;
															if(( *(__ebp - 0x454) & 0x0000ffff) == 0x67) {
																 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000080;
																__eflags =  *(__ebp - 0x10) & 0x00000080;
																if(( *(__ebp - 0x10) & 0x00000080) == 0) {
																	__ecx = __ebp - 0x40;
																	_push(E0040D3B0(__ebp - 0x40));
																	__edx =  *(__ebp - 4);
																	_push( *(__ebp - 4));
																	__eax =  *0x60b3d4; // 0x7e8c4bdb
																	__eax =  *__eax();
																	__esp = __esp + 8;
																}
															}
															__ecx =  *(__ebp - 4);
															__edx =  *( *(__ebp - 4));
															__eflags =  *( *(__ebp - 4)) - 0x2d;
															if( *( *(__ebp - 4)) == 0x2d) {
																 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000100;
																 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000100;
																__ecx =  *(__ebp - 4);
																__ecx =  *(__ebp - 4) + 1;
																__eflags = __ecx;
																 *(__ebp - 4) = __ecx;
															}
															__edx =  *(__ebp - 4);
															 *(__ebp - 0x24) = E0040DC40( *(__ebp - 4));
															do {
																L187:
																if( *(_t600 - 0x28) != 0) {
																	goto L212;
																}
																goto L188;
															} while ( *(__ebp - 0x4ec) > 0x37);
															goto L66;
														}
														L123:
														__eax =  *(__ebp - 0x454) & 0x0000ffff;
														__eflags = ( *(__ebp - 0x454) & 0x0000ffff) - 0x67;
														if(( *(__ebp - 0x454) & 0x0000ffff) != 0x67) {
															goto L125;
														}
														L124:
														 *(__ebp - 0x30) = 1;
														goto L127;
													}
													L121:
													 *(__ebp - 0x30) = 6;
													goto L127;
												case 6:
													L69:
													 *(__ebp - 0xc) = 1;
													__ebp + 0x14 = E0041C290(__ebp + 0x14);
													 *(__ebp - 0x458) = __ax;
													__ecx =  *(__ebp - 0x10);
													__ecx =  *(__ebp - 0x10) & 0x00000020;
													__eflags = __ecx;
													if(__ecx == 0) {
														 *(__ebp - 0x448) =  *(__ebp - 0x458);
													} else {
														 *(__ebp - 0x458) & 0x0000ffff =  *(__ebp - 0x458) & 0xff;
														 *(__ebp - 0x470) = __dl;
														 *((char*)(__ebp - 0x46f)) = 0;
														__ecx = __ebp - 0x40;
														__eax = E0040D3B0(__ebp - 0x40);
														__ecx = __ebp - 0x40;
														E0040D3B0(__ebp - 0x40) =  *__eax;
														__ecx =  *(__ebp - 0x448 + 0xac);
														__edx = __ebp - 0x470;
														__eax = __ebp - 0x448;
														__eax = E00419150(__ebp - 0x448, __ebp - 0x470,  *(__ebp - 0x448 + 0xac), __ebp - 0x448);
														__eflags = __eax;
														if(__eax < 0) {
															 *(__ebp - 0x28) = 1;
														}
													}
													__edx = __ebp - 0x448;
													 *(__ebp - 4) = __ebp - 0x448;
													 *(__ebp - 0x24) = 1;
													while(1) {
														L187:
														if( *(_t600 - 0x28) != 0) {
															goto L212;
														}
														goto L188;
													}
												case 7:
													L140:
													 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000040;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000040;
													 *(__ebp - 8) = 0xa;
													goto L150;
												case 8:
													goto L0;
												case 9:
													L148:
													 *(__ebp - 8) = 8;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000080;
													__eflags =  *(__ebp - 0x10) & 0x00000080;
													if(( *(__ebp - 0x10) & 0x00000080) != 0) {
														__edx =  *(__ebp - 0x10);
														__edx =  *(__ebp - 0x10) | 0x00000200;
														__eflags = __edx;
														 *(__ebp - 0x10) = __edx;
													}
													goto L150;
												case 0xa:
													L142:
													 *(__ebp - 0x30) = 8;
													goto L143;
												case 0xb:
													L84:
													__eflags =  *(__ebp - 0x30) - 0xffffffff;
													if( *(__ebp - 0x30) != 0xffffffff) {
														__edx =  *(__ebp - 0x30);
														 *(__ebp - 0x4f0) =  *(__ebp - 0x30);
													} else {
														 *(__ebp - 0x4f0) = 0x7fffffff;
													}
													__eax =  *(__ebp - 0x4f0);
													 *(__ebp - 0x47c) =  *(__ebp - 0x4f0);
													__ecx = __ebp + 0x14;
													 *(__ebp - 4) = E0041C290(__ebp + 0x14);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000020;
													__eflags =  *(__ebp - 0x10) & 0x00000020;
													if(( *(__ebp - 0x10) & 0x00000020) == 0) {
														L98:
														__eflags =  *(__ebp - 4);
														if( *(__ebp - 4) == 0) {
															__ecx =  *0x60b4f4; // 0x407414
															 *(__ebp - 4) = __ecx;
														}
														 *(__ebp - 0xc) = 1;
														__edx =  *(__ebp - 4);
														 *(__ebp - 0x480) =  *(__ebp - 4);
														while(1) {
															L101:
															__eax =  *(__ebp - 0x47c);
															__ecx =  *(__ebp - 0x47c);
															__ecx =  *(__ebp - 0x47c) - 1;
															 *(__ebp - 0x47c) = __ecx;
															__eflags =  *(__ebp - 0x47c);
															if( *(__ebp - 0x47c) == 0) {
																break;
															}
															L102:
															__edx =  *(__ebp - 0x480);
															__eax =  *( *(__ebp - 0x480)) & 0x0000ffff;
															__eflags =  *( *(__ebp - 0x480)) & 0x0000ffff;
															if(( *( *(__ebp - 0x480)) & 0x0000ffff) == 0) {
																break;
															}
															L103:
															 *(__ebp - 0x480) =  *(__ebp - 0x480) + 2;
															 *(__ebp - 0x480) =  *(__ebp - 0x480) + 2;
														}
														L104:
														__edx =  *(__ebp - 0x480);
														__edx =  *(__ebp - 0x480) -  *(__ebp - 4);
														__eflags = __edx;
														 *(__ebp - 0x24) = __edx;
														goto L105;
													} else {
														L88:
														__eflags =  *(__ebp - 4);
														if( *(__ebp - 4) == 0) {
															__eax =  *0x60b4f0; // 0x407424
															 *(__ebp - 4) = __eax;
														}
														__ecx =  *(__ebp - 4);
														 *(__ebp - 0x478) = __ecx;
														 *(__ebp - 0x24) = 0;
														while(1) {
															L92:
															__eax =  *(__ebp - 0x24);
															__eflags =  *(__ebp - 0x24) -  *(__ebp - 0x47c);
															if( *(__ebp - 0x24) >=  *(__ebp - 0x47c)) {
																break;
															}
															L93:
															__ecx =  *(__ebp - 0x478);
															__edx =  *__ecx;
															__eflags =  *__ecx;
															if( *__ecx == 0) {
																break;
															}
															L94:
															__ecx = __ebp - 0x40;
															E0040D3B0(__ebp - 0x40) =  *(__ebp - 0x478);
															__ecx =  *( *(__ebp - 0x478)) & 0x000000ff;
															__eax = E00419390( *( *(__ebp - 0x478)) & 0x000000ff,  *(__ebp - 0x478));
															__eflags = __eax;
															if(__eax != 0) {
																__edx =  *(__ebp - 0x478);
																__edx =  *(__ebp - 0x478) + 1;
																__eflags = __edx;
																 *(__ebp - 0x478) = __edx;
															}
															 *(__ebp - 0x478) =  *(__ebp - 0x478) + 1;
															 *(__ebp - 0x478) =  *(__ebp - 0x478) + 1;
															__edx =  *(__ebp - 0x24);
															__edx =  *(__ebp - 0x24) + 1;
															__eflags = __edx;
															 *(__ebp - 0x24) = __edx;
														}
														L97:
														L105:
														while(1) {
															L187:
															if( *(_t600 - 0x28) != 0) {
																goto L212;
															}
															goto L188;
														}
													}
												case 0xc:
													L141:
													 *(__ebp - 8) = 0xa;
													goto L150;
												case 0xd:
													L144:
													 *(__ebp - 0x460) = 0x27;
													L145:
													 *(__ebp - 8) = 0x10;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000080;
													__eflags =  *(__ebp - 0x10) & 0x00000080;
													if(( *(__ebp - 0x10) & 0x00000080) != 0) {
														__edx = 0x30;
														 *((short*)(__ebp - 0x14)) = __dx;
														 *(__ebp - 0x460) =  *(__ebp - 0x460) + 0x51;
														__eflags =  *(__ebp - 0x460) + 0x51;
														 *(__ebp - 0x12) = __ax;
														 *(__ebp - 0x1c) = 2;
													}
													L150:
													 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00008000;
													__eflags =  *(__ebp - 0x10) & 0x00008000;
													if(( *(__ebp - 0x10) & 0x00008000) == 0) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00001000;
														__eflags =  *(__ebp - 0x10) & 0x00001000;
														if(( *(__ebp - 0x10) & 0x00001000) == 0) {
															 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000020;
															__eflags =  *(__ebp - 0x10) & 0x00000020;
															if(( *(__ebp - 0x10) & 0x00000020) == 0) {
																 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000040;
																__eflags =  *(__ebp - 0x10) & 0x00000040;
																if(( *(__ebp - 0x10) & 0x00000040) == 0) {
																	__ecx = __ebp + 0x14;
																	__eax = E0041C290(__ebp + 0x14);
																	__edx = 0;
																	__eflags = 0;
																	 *(__ebp - 0x4a0) = __eax;
																	 *(__ebp - 0x49c) = 0;
																} else {
																	__eax = __ebp + 0x14;
																	__eax = E0041C290(__ebp + 0x14);
																	asm("cdq");
																	 *(__ebp - 0x4a0) = __eax;
																	 *(__ebp - 0x49c) = __edx;
																}
															} else {
																 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000040;
																__eflags =  *(__ebp - 0x10) & 0x00000040;
																if(( *(__ebp - 0x10) & 0x00000040) == 0) {
																	__ecx = __ebp + 0x14;
																	E0041C290(__ebp + 0x14) = __ax & 0x0000ffff;
																	asm("cdq");
																	 *(__ebp - 0x4a0) = __ax & 0x0000ffff;
																	 *(__ebp - 0x49c) = __edx;
																} else {
																	__eax = __ebp + 0x14;
																	__eax = E0041C290(__ebp + 0x14);
																	__ax = __eax;
																	asm("cdq");
																	 *(__ebp - 0x4a0) = __eax;
																	 *(__ebp - 0x49c) = __edx;
																}
															}
														} else {
															__eax = __ebp + 0x14;
															 *(__ebp - 0x4a0) = E0041C2B0(__ebp + 0x14);
															 *(__ebp - 0x49c) = __edx;
														}
													} else {
														__ecx = __ebp + 0x14;
														 *(__ebp - 0x4a0) = E0041C2B0(__ebp + 0x14);
														 *(__ebp - 0x49c) = __edx;
													}
													 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000040;
													__eflags =  *(__ebp - 0x10) & 0x00000040;
													if(( *(__ebp - 0x10) & 0x00000040) == 0) {
														L167:
														__ecx =  *(__ebp - 0x4a0);
														 *(__ebp - 0x4a8) =  *(__ebp - 0x4a0);
														__edx =  *(__ebp - 0x49c);
														 *(__ebp - 0x4a4) =  *(__ebp - 0x49c);
														goto L168;
													} else {
														L163:
														__eflags =  *(__ebp - 0x49c);
														if(__eflags > 0) {
															goto L167;
														}
														L164:
														if(__eflags < 0) {
															L166:
															 *(__ebp - 0x4a0) =  ~( *(__ebp - 0x4a0));
															__edx =  *(__ebp - 0x49c);
															asm("adc edx, 0x0");
															__edx =  ~( *(__ebp - 0x49c));
															 *(__ebp - 0x4a8) =  ~( *(__ebp - 0x4a0));
															 *(__ebp - 0x4a4) =  ~( *(__ebp - 0x49c));
															 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000100;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000100;
															L168:
															 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00008000;
															__eflags =  *(__ebp - 0x10) & 0x00008000;
															if(( *(__ebp - 0x10) & 0x00008000) == 0) {
																 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00001000;
																__eflags =  *(__ebp - 0x10) & 0x00001000;
																if(( *(__ebp - 0x10) & 0x00001000) == 0) {
																	__edx =  *(__ebp - 0x4a8);
																	__eax =  *(__ebp - 0x4a4);
																	__eax =  *(__ebp - 0x4a4) & 0x00000000;
																	__eflags = __eax;
																	 *(__ebp - 0x4a4) = __eax;
																}
															}
															__eflags =  *(__ebp - 0x30);
															if( *(__ebp - 0x30) >= 0) {
																 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0xfffffff7;
																 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0xfffffff7;
																__eflags =  *(__ebp - 0x30) - 0x200;
																if( *(__ebp - 0x30) > 0x200) {
																	 *(__ebp - 0x30) = 0x200;
																}
															} else {
																 *(__ebp - 0x30) = 1;
															}
															 *(__ebp - 0x4a8) =  *(__ebp - 0x4a8) |  *(__ebp - 0x4a4);
															__eflags =  *(__ebp - 0x4a8) |  *(__ebp - 0x4a4);
															if(( *(__ebp - 0x4a8) |  *(__ebp - 0x4a4)) == 0) {
																 *(__ebp - 0x1c) = 0;
															}
															__eax = __ebp - 0x249;
															 *(__ebp - 4) = __ebp - 0x249;
															while(1) {
																L178:
																__ecx =  *(__ebp - 0x30);
																 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
																 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
																__eflags =  *(__ebp - 0x30);
																if( *(__ebp - 0x30) > 0) {
																	goto L180;
																}
																L179:
																 *(__ebp - 0x4a8) =  *(__ebp - 0x4a8) |  *(__ebp - 0x4a4);
																__eflags =  *(__ebp - 0x4a8) |  *(__ebp - 0x4a4);
																if(( *(__ebp - 0x4a8) |  *(__ebp - 0x4a4)) == 0) {
																	goto L183;
																}
																L180:
																__eax =  *(__ebp - 8);
																asm("cdq");
																__ecx =  *(__ebp - 0x4a4);
																__edx =  *(__ebp - 0x4a8);
																__eax = E0041CE40( *(__ebp - 0x4a8),  *(__ebp - 0x4a4),  *(__ebp - 8),  *(__ebp - 0x4a8));
																 *(__ebp - 0x494) = __eax;
																__eax =  *(__ebp - 8);
																asm("cdq");
																__eax =  *(__ebp - 0x4a4);
																__ecx =  *(__ebp - 0x4a8);
																 *(__ebp - 0x4a8) = E0041CDD0( *(__ebp - 0x4a8),  *(__ebp - 0x4a4),  *(__ebp - 8), __edx);
																 *(__ebp - 0x4a4) = __edx;
																__eflags =  *(__ebp - 0x494) - 0x39;
																if( *(__ebp - 0x494) > 0x39) {
																	__edx =  *(__ebp - 0x494);
																	__edx =  *(__ebp - 0x494) +  *(__ebp - 0x460);
																	__eflags = __edx;
																	 *(__ebp - 0x494) = __edx;
																}
																__eax =  *(__ebp - 4);
																 *( *(__ebp - 4)) =  *(__ebp - 0x494);
																 *(__ebp - 4) =  *(__ebp - 4) - 1;
																 *(__ebp - 4) =  *(__ebp - 4) - 1;
																L178:
																__ecx =  *(__ebp - 0x30);
																 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
																 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
																__eflags =  *(__ebp - 0x30);
																if( *(__ebp - 0x30) > 0) {
																	goto L180;
																}
																goto L179;
															}
														}
														L165:
														__eflags =  *(__ebp - 0x4a0);
														if( *(__ebp - 0x4a0) >= 0) {
															goto L167;
														}
														goto L166;
													}
												case 0xe:
													while(1) {
														L187:
														if( *(_t600 - 0x28) != 0) {
															goto L212;
														}
														goto L188;
													}
											}
										case 8:
											L24:
											__ecx =  *(__ebp - 0x10);
											__ecx =  *(__ebp - 0x10) | 0x00000002;
											 *(__ebp - 0x10) = __ecx;
											goto L27;
										case 9:
											L25:
											 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000080;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000080;
											goto L27;
										case 0xa:
											L23:
											 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000001;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000001;
											goto L27;
										case 0xb:
											L22:
											 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000004;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000004;
											goto L27;
										case 0xc:
											L26:
											__eax =  *(__ebp - 0x10);
											__eax =  *(__ebp - 0x10) | 0x00000008;
											__eflags = __eax;
											 *(__ebp - 0x10) = __eax;
											goto L27;
										case 0xd:
											L27:
											goto L214;
									}
								} else {
									_t574 = 0;
									if(0 == 0) {
										 *(_t600 - 0x4dc) = 0;
									} else {
										 *(_t600 - 0x4dc) = 1;
									}
									 *(_t600 - 0x46c) =  *(_t600 - 0x4dc);
									if( *(_t600 - 0x46c) == 0) {
										_push(L"(\"Incorrect format specifier\", 0)");
										_push(0);
										_push(0x460);
										_push(L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c");
										_push(2);
										_t501 = L0040E1A0();
										_t603 = _t603 + 0x14;
										if(_t501 == 1) {
											asm("int3");
										}
									}
									L14:
									if( *(_t600 - 0x46c) != 0) {
										goto L16;
									} else {
										 *((intOrPtr*)(L0040EC70(_t546))) = 0x16;
										E00411A50(_t534, _t546, _t598, _t599, L"(\"Incorrect format specifier\", 0)", L"_woutput_s_l", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c", 0x460, 0);
										 *(_t600 - 0x4c8) = 0xffffffff;
										E0040D380(_t600 - 0x40);
										_t486 =  *(_t600 - 0x4c8);
										goto L225;
									}
								}
							}
							L215:
							if( *(_t600 - 0x45c) == 0) {
								L218:
								 *(_t600 - 0x4f8) = 1;
								L219:
								_t574 =  *(_t600 - 0x4f8);
								 *(_t600 - 0x4bc) =  *(_t600 - 0x4f8);
								if( *(_t600 - 0x4bc) == 0) {
									_push(L"((state == ST_NORMAL) || (state == ST_TYPE))");
									_push(0);
									_push(0x8f5);
									_push(L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c");
									_push(2);
									_t491 = L0040E1A0();
									_t603 = _t603 + 0x14;
									if(_t491 == 1) {
										asm("int3");
									}
								}
								if( *(_t600 - 0x4bc) != 0) {
									 *(_t600 - 0x4d4) =  *(_t600 - 0x44c);
									E0040D380(_t600 - 0x40);
									_t486 =  *(_t600 - 0x4d4);
								} else {
									 *((intOrPtr*)(L0040EC70(_t538))) = 0x16;
									E00411A50(_t534, _t538, _t598, _t599, L"((state == ST_NORMAL) || (state == ST_TYPE))", L"_woutput_s_l", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c", 0x8f5, 0);
									 *(_t600 - 0x4d0) = 0xffffffff;
									E0040D380(_t600 - 0x40);
									_t486 =  *(_t600 - 0x4d0);
								}
								goto L225;
							}
							L216:
							if( *(_t600 - 0x45c) == 7) {
								goto L218;
							}
							L217:
							 *(_t600 - 0x4f8) = 0;
							goto L219;
						}
					} else {
						L113:
						 *((intOrPtr*)(L0040EC70(__ecx))) = 0x16;
						__eax = E00411A50(__ebx, __ecx, __edi, __esi, L"(\"\'n\' format specifier disabled\", 0)", L"_woutput_s_l", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c", 0x695, 0);
						 *(__ebp - 0x4cc) = 0xffffffff;
						__ecx = __ebp - 0x40;
						__eax = E0040D380(__ecx);
						__eax =  *(__ebp - 0x4cc);
						L225:
						return E00416CA0(_t486, _t534,  *(_t600 - 0x48) ^ _t600, _t574, _t598, _t599);
					}
					L115:
					if(( *(_t600 - 0x10) & 0x00000020) == 0) {
						 *( *(_t600 - 0x484)) =  *(_t600 - 0x44c);
					} else {
						 *( *(_t600 - 0x484)) =  *(_t600 - 0x44c);
					}
					 *(_t600 - 0x28) = 1;
					goto L187;
				}
			}

0x004235fa
0x004235fa
0x004235fa
0x004235fa
0x004235fa
0x004235fa
0x004235fe
0x00423603
0x00423606
0x00423613
0x00000000
0x00000000
0x00423619
0x00423619
0x0042361b
0x00423629
0x0042361d
0x0042361d
0x0042361d
0x00423633
0x00423639
0x00423646
0x00423648
0x0042364d
0x0042364f
0x00423654
0x00423659
0x0042365b
0x00423660
0x00423666
0x00423668
0x00423668
0x00423666
0x00423670
0x004236b8
0x00423bb0
0x00423bb0
0x00423bb4
0x00000000
0x00000000
0x00423bba
0x00423bc0
0x00423bca
0x00423be4
0x00423bfe
0x00423c05
0x00423c09
0x00423c09
0x00423be6
0x00423beb
0x00423bef
0x00423bef
0x00423bcc
0x00423bd1
0x00423bd5
0x00423bd5
0x00423bca
0x00423c19
0x00423c25
0x00423c3b
0x00423c40
0x00423c40
0x00423c56
0x00423c5b
0x00423c64
0x00423c6c
0x00423c82
0x00423c87
0x00423c87
0x00423c6c
0x00423c8e
0x00423d48
0x00423d5b
0x00423d60
0x00000000
0x00423c94
0x00423c94
0x00423c98
0x00000000
0x00000000
0x00423c9e
0x00423ca1
0x00423caa
0x00423cb0
0x00423cb0
0x00423cbf
0x00423cc7
0x00000000
0x00000000
0x00423cc9
0x00423ccc
0x00423cf1
0x00423cf6
0x00423cf9
0x00423d06
0x00423d14
0x00423d27
0x00423d2c
0x00423d3b
0x00000000
0x00423d3b
0x00423d08
0x00423d08
0x00000000
0x00423d08
0x00423d46
0x00423d63
0x00423d6a
0x00423d72
0x00423d88
0x00423d8d
0x00423d8d
0x00423d72
0x00423d6a
0x00423d90
0x00423d94
0x00423d9c
0x00423da1
0x00423da4
0x00423da4
0x00423dab
0x00423dab
0x00422f2b
0x00422f32
0x00422f3f
0x00422f44
0x00000000
0x00422f57
0x00422f61
0x00422f88
0x00422f6f
0x00422f80
0x00422f80
0x00422f61
0x00422f92
0x00422f98
0x00422fa4
0x00422fa7
0x00422fb5
0x00422fb8
0x00422fc5
0x0042306a
0x00423070
0x0042307d
0x00000000
0x00000000
0x00423083
0x00423089
0x00000000
0x00423090
0x00423090
0x004230aa
0x004230af
0x00000000
0x00000000
0x004230b7
0x004230b7
0x004230be
0x004230c1
0x004230c4
0x004230c7
0x004230ca
0x004230cd
0x004230d0
0x004230d7
0x004230de
0x00000000
0x00000000
0x004230ea
0x004230ea
0x004230f1
0x004230fd
0x00423100
0x00423106
0x0042310d
0x00000000
0x00000000
0x0042310f
0x00423115
0x00423115
0x0042311c
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00423160
0x00423160
0x00423167
0x0042316a
0x00423194
0x00423197
0x00423197
0x004231a1
0x004231a1
0x004231a5
0x0042316c
0x0042316c
0x00423178
0x0042317b
0x0042317f
0x00423181
0x00423184
0x00423184
0x00423187
0x0042318a
0x0042318d
0x0042318f
0x0042318f
0x00423192
0x004231a8
0x00000000
0x00000000
0x004231ad
0x004231ad
0x00000000
0x00000000
0x004231b9
0x004231b9
0x004231c0
0x004231c3
0x004231e3
0x004231e6
0x004231e6
0x004231f0
0x004231f0
0x004231f4
0x004231c5
0x004231c5
0x004231d1
0x004231d4
0x004231d8
0x004231da
0x004231da
0x004231e1
0x00000000
0x00000000
0x004231fc
0x004231fc
0x00423203
0x0042320f
0x00423212
0x00423218
0x0042321f
0x00423332
0x00000000
0x00423332
0x00423225
0x0042322b
0x0042322b
0x00423232
0x00000000
0x00423269
0x00423269
0x0042326c
0x0042326f
0x00423272
0x00423299
0x00423299
0x0042329c
0x0042329f
0x004232a2
0x004232c6
0x004232c6
0x004232c9
0x004232cc
0x004232cf
0x00423308
0x00423319
0x00000000
0x00423319
0x004232d1
0x004232d1
0x004232d4
0x004232d7
0x004232da
0x00000000
0x00000000
0x004232dc
0x004232dc
0x004232df
0x004232e2
0x004232e5
0x00000000
0x00000000
0x004232e7
0x004232e7
0x004232ea
0x004232ed
0x004232f0
0x00000000
0x00000000
0x004232f2
0x004232f2
0x004232f5
0x004232f8
0x004232fb
0x00000000
0x00000000
0x004232fd
0x004232fd
0x00423300
0x00423303
0x00423306
0x0042330a
0x00000000
0x0042330a
0x00000000
0x00423306
0x004232a4
0x004232a4
0x004232a7
0x004232ab
0x004232ae
0x00000000
0x004232b0
0x004232b3
0x004232b6
0x004232bc
0x004232c1
0x00000000
0x004232c1
0x004232ae
0x00423274
0x00423274
0x00423277
0x0042327b
0x0042327e
0x00000000
0x00423280
0x00423283
0x00423286
0x0042328c
0x00423291
0x00000000
0x00423291
0x00000000
0x0042331b
0x0042331b
0x0042331e
0x00423321
0x00000000
0x00000000
0x00423239
0x00423239
0x0042323c
0x0042323f
0x00423242
0x0042325b
0x0042325e
0x0042325e
0x00423261
0x00423244
0x00423244
0x00423247
0x0042324a
0x00423250
0x00423256
0x00423256
0x00000000
0x00000000
0x00423326
0x00423326
0x00423329
0x00423329
0x0042332f
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00423337
0x00423337
0x0042333e
0x00423344
0x0042334a
0x0042334d
0x00423353
0x0042335a
0x00000000
0x00423bb0
0x00423bb0
0x00423bb0
0x00423bb0
0x00423bb4
0x00000000
0x00000000
0x00000000
0x00423bb4
0x00423b67
0x00423b6d
0x00423b70
0x00423b73
0x00423b76
0x00423b79
0x00423b7f
0x00423b7f
0x00423b7f
0x00423b87
0x00423b8b
0x00000000
0x00000000
0x00423b8d
0x00423b8d
0x00423b90
0x00423b93
0x00423b93
0x00423b98
0x00423b9b
0x00423b9e
0x00423ba1
0x00423ba4
0x00423ba7
0x00423baa
0x00423baa
0x00423bad
0x00423bb0
0x00423bb0
0x00423bb4
0x00000000
0x00000000
0x00000000
0x00423bb4
0x00423bb0
0x00423360
0x00423366
0x00423366
0x0042336d
0x00000000
0x004236f1
0x004236f1
0x004236ff
0x004236ff
0x00423702
0x00000000
0x00000000
0x00423374
0x00423377
0x00423377
0x0042337d
0x0042337f
0x00423382
0x00423382
0x00423385
0x00423385
0x00000000
0x00000000
0x004234ba
0x004234bd
0x004234bd
0x004234c2
0x004234c4
0x004234c7
0x004234c7
0x004234ca
0x004234ca
0x00000000
0x00000000
0x004238bd
0x004238bd
0x00000000
0x00000000
0x00423424
0x00423424
0x00423430
0x00423436
0x0042343d
0x0042344b
0x0042344b
0x00423451
0x00423454
0x00423460
0x004234b5
0x00000000
0x004234b5
0x0042343f
0x0042343f
0x00423445
0x00423449
0x00423468
0x00423468
0x0042346e
0x00423496
0x0042349d
0x004234a3
0x004234a6
0x004234a9
0x004234af
0x004234b2
0x00423470
0x00423470
0x00423476
0x00423479
0x0042347c
0x00423482
0x00423485
0x00423488
0x0042348a
0x0042348d
0x0042348d
0x00000000
0x0042346e
0x00000000
0x00000000
0x00423709
0x0042370c
0x0042370f
0x00423712
0x00423718
0x0042371b
0x00423722
0x00423726
0x00423731
0x00423731
0x00423735
0x0042374c
0x0042374c
0x00423753
0x00423755
0x00423755
0x0042375c
0x0042375c
0x00423763
0x00423771
0x00423774
0x00423783
0x00423786
0x0042378a
0x0042379f
0x0042378c
0x0042378c
0x0042378f
0x00423795
0x0042379a
0x0042379a
0x0042378a
0x004237a9
0x004237ac
0x004237af
0x004237b2
0x004237b5
0x004237b8
0x004237be
0x004237c4
0x004237cc
0x004237cd
0x004237d0
0x004237d1
0x004237d4
0x004237d5
0x004237dc
0x004237dd
0x004237e0
0x004237e1
0x004237e4
0x004237e5
0x004237eb
0x004237ec
0x004237fb
0x004237fd
0x00423803
0x00423803
0x00423808
0x0042380a
0x0042380e
0x00423810
0x00423818
0x00423819
0x0042381c
0x0042381d
0x0042382c
0x0042382e
0x0042382e
0x0042380e
0x00423831
0x00423838
0x0042383b
0x00423840
0x00423840
0x00423846
0x00423848
0x00423850
0x00423851
0x00423854
0x00423855
0x00423863
0x00423865
0x00423865
0x00423846
0x00423868
0x0042386b
0x0042386e
0x00423871
0x00423876
0x0042387b
0x0042387e
0x00423881
0x00423881
0x00423884
0x00423884
0x00423887
0x00423893
0x00423bb0
0x00423bb0
0x00423bb4
0x00000000
0x00000000
0x00000000
0x00423bb4
0x00000000
0x00423bb0
0x00423737
0x00423737
0x0042373e
0x00423741
0x00000000
0x00000000
0x00423743
0x00423743
0x00000000
0x00423743
0x00423728
0x00423728
0x00000000
0x00000000
0x00423388
0x00423388
0x00423393
0x0042339b
0x004233a2
0x004233a5
0x004233a5
0x004233a8
0x00423408
0x004233aa
0x004233b1
0x004233b7
0x004233bd
0x004233c4
0x004233c7
0x004233cd
0x004233d5
0x004233d7
0x004233de
0x004233e5
0x004233ec
0x004233f4
0x004233f6
0x004233f8
0x004233f8
0x004233ff
0x0042340f
0x00423415
0x00423418
0x00423bb0
0x00423bb0
0x00423bb4
0x00000000
0x00000000
0x00000000
0x00423bb4
0x00000000
0x0042389b
0x0042389e
0x004238a1
0x004238a4
0x00000000
0x00000000
0x00000000
0x00000000
0x00423904
0x00423904
0x0042390e
0x0042390e
0x00423914
0x00423916
0x00423919
0x00423919
0x0042391f
0x0042391f
0x00000000
0x00000000
0x004238b6
0x004238b6
0x00000000
0x00000000
0x004234cd
0x004234cd
0x004234d1
0x004234df
0x004234e2
0x004234d3
0x004234d3
0x004234d3
0x004234e8
0x004234ee
0x004234f4
0x00423500
0x00423506
0x00423506
0x00423509
0x00423591
0x00423591
0x00423595
0x00423597
0x0042359d
0x0042359d
0x004235a0
0x004235a7
0x004235aa
0x004235b0
0x004235b0
0x004235b0
0x004235b6
0x004235bc
0x004235bf
0x004235c5
0x004235c7
0x00000000
0x00000000
0x004235c9
0x004235c9
0x004235cf
0x004235d2
0x004235d4
0x00000000
0x00000000
0x004235d6
0x004235dc
0x004235df
0x004235df
0x004235e7
0x004235e7
0x004235ed
0x004235ed
0x004235f2
0x00000000
0x0042350f
0x0042350f
0x0042350f
0x00423513
0x00423515
0x0042351a
0x0042351a
0x0042351d
0x00423520
0x00423526
0x00423538
0x00423538
0x00423538
0x0042353b
0x00423541
0x00000000
0x00000000
0x00423543
0x00423543
0x00423549
0x0042354c
0x0042354e
0x00000000
0x00000000
0x00423550
0x00423550
0x00423559
0x0042355f
0x00423563
0x0042356b
0x0042356d
0x0042356f
0x00423575
0x00423575
0x00423578
0x00423578
0x00423584
0x00423587
0x0042352f
0x00423532
0x00423532
0x00423535
0x00423535
0x0042358f
0x004235f5
0x00423bb0
0x00423bb0
0x00423bb4
0x00000000
0x00000000
0x00000000
0x00423bb4
0x00423bb0
0x00000000
0x004238ad
0x004238ad
0x00000000
0x00000000
0x004238c9
0x004238c9
0x004238d3
0x004238d3
0x004238dd
0x004238dd
0x004238e3
0x004238e5
0x004238ea
0x004238f4
0x004238f4
0x004238f7
0x004238fb
0x004238fb
0x00423922
0x00423925
0x00423925
0x0042392a
0x0042394c
0x0042394c
0x00423952
0x00423974
0x00423974
0x00423977
0x004239be
0x004239be
0x004239c1
0x004239de
0x004239e2
0x004239ea
0x004239ea
0x004239ec
0x004239f2
0x004239c3
0x004239c3
0x004239c7
0x004239cf
0x004239d0
0x004239d6
0x004239d6
0x00423979
0x0042397c
0x0042397c
0x0042397f
0x0042399d
0x004239a9
0x004239ac
0x004239ad
0x004239b3
0x00423981
0x00423981
0x00423985
0x0042398d
0x0042398e
0x0042398f
0x00423995
0x00423995
0x004239b9
0x00423954
0x00423954
0x00423960
0x00423966
0x00423966
0x0042392c
0x0042392c
0x00423938
0x0042393e
0x0042393e
0x004239fb
0x004239fb
0x004239fe
0x00423a40
0x00423a40
0x00423a46
0x00423a4c
0x00423a52
0x00000000
0x00423a00
0x00423a00
0x00423a00
0x00423a07
0x00000000
0x00000000
0x00423a09
0x00423a09
0x00423a14
0x00423a1a
0x00423a1c
0x00423a22
0x00423a25
0x00423a27
0x00423a2d
0x00423a36
0x00423a3b
0x00423a58
0x00423a5b
0x00423a5b
0x00423a60
0x00423a65
0x00423a65
0x00423a6b
0x00423a6d
0x00423a73
0x00423a79
0x00423a79
0x00423a82
0x00423a82
0x00423a6b
0x00423a88
0x00423a8c
0x00423a9a
0x00423a9d
0x00423aa0
0x00423aa7
0x00423aa9
0x00423aa9
0x00423a8e
0x00423a8e
0x00423a8e
0x00423ab6
0x00423ab6
0x00423abc
0x00423abe
0x00423abe
0x00423ac5
0x00423acb
0x00423ace
0x00423ace
0x00423ace
0x00423ad4
0x00423ad7
0x00423ada
0x00423adc
0x00000000
0x00000000
0x00423ade
0x00423ae4
0x00423ae4
0x00423aea
0x00000000
0x00000000
0x00423aec
0x00423aec
0x00423aef
0x00423af2
0x00423af9
0x00423b00
0x00423b08
0x00423b0e
0x00423b11
0x00423b14
0x00423b1b
0x00423b27
0x00423b2d
0x00423b33
0x00423b3a
0x00423b3c
0x00423b42
0x00423b42
0x00423b48
0x00423b48
0x00423b4e
0x00423b57
0x00423b5c
0x00423b5f
0x00423ace
0x00423ace
0x00423ad4
0x00423ad7
0x00423ada
0x00423adc
0x00000000
0x00000000
0x00000000
0x00423adc
0x00423ace
0x00423a0b
0x00423a0b
0x00423a12
0x00000000
0x00000000
0x00000000
0x00423a12
0x00000000
0x00423bb0
0x00423bb0
0x00423bb4
0x00000000
0x00000000
0x00000000
0x00423bb4
0x00000000
0x00000000
0x00423139
0x00423139
0x0042313c
0x0042313f
0x00000000
0x00000000
0x00423144
0x00423147
0x0042314d
0x00000000
0x00000000
0x0042312e
0x00423131
0x00423134
0x00000000
0x00000000
0x00423123
0x00423126
0x00423129
0x00000000
0x00000000
0x00423152
0x00423152
0x00423155
0x00423155
0x00423158
0x00000000
0x00000000
0x0042315b
0x00000000
0x00000000
0x00422fcb
0x00422fcb
0x00422fcd
0x00422fdb
0x00422fcf
0x00422fcf
0x00422fcf
0x00422feb
0x00422ff8
0x00422ffa
0x00422fff
0x00423001
0x00423006
0x0042300b
0x0042300d
0x00423012
0x00423018
0x0042301a
0x0042301a
0x00423018
0x0042301b
0x00423022
0x00000000
0x00423024
0x00423029
0x00423045
0x0042304d
0x0042305a
0x0042305f
0x00000000
0x0042305f
0x00423022
0x00422fc5
0x00423db0
0x00423db7
0x00423dce
0x00423dce
0x00423dd8
0x00423dd8
0x00423dde
0x00423deb
0x00423ded
0x00423df2
0x00423df4
0x00423df9
0x00423dfe
0x00423e00
0x00423e05
0x00423e0b
0x00423e0d
0x00423e0d
0x00423e0b
0x00423e15
0x00423e60
0x00423e69
0x00423e6e
0x00423e17
0x00423e1c
0x00423e38
0x00423e40
0x00423e4d
0x00423e52
0x00423e52
0x00000000
0x00423e15
0x00423db9
0x00423dc0
0x00000000
0x00000000
0x00423dc2
0x00423dc2
0x00000000
0x00423dc2
0x00423672
0x00423672
0x00423677
0x00423693
0x0042369b
0x004236a5
0x004236a8
0x004236ad
0x00423e74
0x00423e81
0x00423e81
0x004236bd
0x004236c3
0x004236e3
0x004236c5
0x004236d2
0x004236d2
0x004236e5
0x00000000
0x004236e5

APIs

_get_int_arg.LIBCMTD ref: 004235FE
__get_printf_count_output.LIBCMTD ref: 0042360C
__invalid_parameter.LIBCMTD ref: 00423693
_LocaleUpdate::~_LocaleUpdate.LIBCMTD ref: 004236A8
_write_multi_char.LIBCMTD ref: 00423C3B
_write_string.LIBCMTD ref: 00423C56
_write_multi_char.LIBCMTD ref: 00423C82
__mbtowc_l.LIBCMTD ref: 00423CF1

Strings

f:\dd\vctools\crt_bld\self_x86\crt\src\output.c, xrefs: 00423006, 00423036, 00423654, 00423684
_woutput_s_l, xrefs: 0042303B, 00423689
("'n' format specifier disabled", 0), xrefs: 00423648, 0042368E
("Incorrect format specifier", 0), xrefs: 00422FFA, 00423040

Memory Dump Source

Source File: 00000000.00000002.254379313.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.254298173.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.254460883.0000000000427000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255654257.000000000060A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255687103.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255765961.0000000000635000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_mzQcZawXvh.jbxd

Similarity

API ID: Locale_write_multi_char$UpdateUpdate::~___get_printf_count_output__invalid_parameter__mbtowc_l_get_int_arg_write_string
String ID: ("'n' format specifier disabled", 0)$("Incorrect format specifier", 0)$_woutput_s_l$f:\dd\vctools\crt_bld\self_x86\crt\src\output.c
API String ID: 2386203720-1989478660
Opcode ID: d1832be73c325b2a4bc326d0b119be9072d492e9a98803d1346ca64ab664fcf7
Instruction ID: ef4f74fa8ae9f7b721304c8b29b2ffdaa4a1cf3bc8a7cf0712eaf4efd2d3e382
Opcode Fuzzy Hash: d1832be73c325b2a4bc326d0b119be9072d492e9a98803d1346ca64ab664fcf7
Instruction Fuzzy Hash: 05A19FB0E002289BDB24DF45DC81BAEB374AB44305F5441DAE6097B282D77CAE84CF5E

Uniqueness

Uniqueness Score: -1.00%

Function 00421BA5 Relevance: 24.7, APIs: 9, Strings: 5, Instructions: 225
COMMON

Download Yara Rule

C-Code - Quality: 66%

			E00421BA5(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t495;
				signed int _t497;
				signed int _t503;
				void* _t508;
				signed int _t510;
				void* _t530;
				signed int _t548;
				void* _t558;
				signed int _t566;
				signed int _t593;
				void* _t621;
				void* _t622;
				signed int _t623;
				void* _t625;
				void* _t626;

				L0:
				while(1) {
					L0:
					_t622 = __esi;
					_t621 = __edi;
					_t558 = __ebx;
					_t495 = E0041C290(_t623 + 0x14);
					_t626 = _t625 + 4;
					 *((intOrPtr*)(_t623 - 0x288)) = _t495;
					if( *((intOrPtr*)(_t623 - 0x288)) == 0) {
						goto L82;
					}
					L81:
					__ecx =  *(__ebp - 0x288);
					if( *(__ecx + 4) != 0) {
						L83:
						 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000800;
						if(( *(__ebp - 0x10) & 0x00000800) == 0) {
							 *(__ebp - 0xc) = 0;
							__edx =  *(__ebp - 0x288);
							__eax =  *(__edx + 4);
							 *(__ebp - 4) =  *(__edx + 4);
							__ecx =  *(__ebp - 0x288);
							__edx =  *__ecx;
							 *(__ebp - 0x24) =  *__ecx;
						} else {
							__edx =  *(__ebp - 0x288);
							__eax =  *(__edx + 4);
							 *(__ebp - 4) =  *(__edx + 4);
							__ecx =  *(__ebp - 0x288);
							__eax =  *__ecx;
							asm("cdq");
							 *__ecx - __edx =  *__ecx - __edx >> 1;
							 *(__ebp - 0x24) =  *__ecx - __edx >> 1;
							 *(__ebp - 0xc) = 1;
						}
						L86:
						while(1) {
							L190:
							if( *(_t623 - 0x28) != 0) {
								goto L216;
							}
							L191:
							if(( *(_t623 - 0x10) & 0x00000040) != 0) {
								if(( *(_t623 - 0x10) & 0x00000100) == 0) {
									if(( *(_t623 - 0x10) & 0x00000001) == 0) {
										if(( *(_t623 - 0x10) & 0x00000002) != 0) {
											 *((char*)(_t623 - 0x14)) = 0x20;
											 *(_t623 - 0x1c) = 1;
										}
									} else {
										 *((char*)(_t623 - 0x14)) = 0x2b;
										 *(_t623 - 0x1c) = 1;
									}
								} else {
									 *((char*)(_t623 - 0x14)) = 0x2d;
									 *(_t623 - 0x1c) = 1;
								}
							}
							 *((intOrPtr*)(_t623 - 0x2c4)) =  *((intOrPtr*)(_t623 - 0x18)) -  *(_t623 - 0x24) -  *(_t623 - 0x1c);
							if(( *(_t623 - 0x10) & 0x0000000c) == 0) {
								E00422790(0x20,  *((intOrPtr*)(_t623 - 0x2c4)),  *((intOrPtr*)(_t623 + 8)), _t623 - 0x24c);
								_t626 = _t626 + 0x10;
							}
							E004227D0( *(_t623 - 0x1c), _t623 - 0x14,  *(_t623 - 0x1c),  *((intOrPtr*)(_t623 + 8)), _t623 - 0x24c);
							_t626 = _t626 + 0x10;
							if(( *(_t623 - 0x10) & 0x00000008) != 0) {
								if(( *(_t623 - 0x10) & 0x00000004) == 0) {
									E00422790(0x30,  *((intOrPtr*)(_t623 - 0x2c4)),  *((intOrPtr*)(_t623 + 8)), _t623 - 0x24c);
									_t626 = _t626 + 0x10;
								}
							}
							if( *(_t623 - 0xc) == 0) {
								L212:
								E004227D0( *(_t623 - 4),  *(_t623 - 4),  *(_t623 - 0x24),  *((intOrPtr*)(_t623 + 8)), _t623 - 0x24c);
								_t626 = _t626 + 0x10;
								goto L213;
							} else {
								L204:
								if( *(_t623 - 0x24) <= 0) {
									goto L212;
								}
								L205:
								 *(_t623 - 0x2dc) = 0;
								 *(_t623 - 0x2c8) =  *(_t623 - 4);
								 *(_t623 - 0x2cc) =  *(_t623 - 0x24);
								while(1) {
									L206:
									 *(_t623 - 0x2cc) =  *(_t623 - 0x2cc) - 1;
									if( *(_t623 - 0x2cc) == 0) {
										break;
									}
									L207:
									 *(_t623 - 0x32e) =  *( *(_t623 - 0x2c8));
									_t548 = E004212A0(_t623 - 0x2d0, _t623 - 0x2d8, 6,  *(_t623 - 0x32e) & 0x0000ffff);
									_t626 = _t626 + 0x10;
									 *(_t623 - 0x2dc) = _t548;
									 *(_t623 - 0x2c8) =  *(_t623 - 0x2c8) + 2;
									if( *(_t623 - 0x2dc) != 0) {
										L209:
										 *(_t623 - 0x24c) = 0xffffffff;
										break;
									}
									L208:
									if( *(_t623 - 0x2d0) != 0) {
										L210:
										E004227D0( *((intOrPtr*)(_t623 + 8)), _t623 - 0x2d8,  *(_t623 - 0x2d0),  *((intOrPtr*)(_t623 + 8)), _t623 - 0x24c);
										_t626 = _t626 + 0x10;
										continue;
									}
									goto L209;
								}
								L211:
								L213:
								if( *(_t623 - 0x24c) >= 0) {
									if(( *(_t623 - 0x10) & 0x00000004) != 0) {
										E00422790(0x20,  *((intOrPtr*)(_t623 - 0x2c4)),  *((intOrPtr*)(_t623 + 8)), _t623 - 0x24c);
										_t626 = _t626 + 0x10;
									}
								}
							}
							L216:
							if( *(_t623 - 0x20) != 0) {
								L0040C240( *(_t623 - 0x20), 2);
								_t626 = _t626 + 8;
								 *(_t623 - 0x20) = 0;
							}
							while(1) {
								L218:
								 *(_t623 - 0x251) =  *( *(_t623 + 0xc));
								_t594 =  *(_t623 - 0x251);
								 *(_t623 + 0xc) =  *(_t623 + 0xc) + 1;
								if( *(_t623 - 0x251) == 0 ||  *(_t623 - 0x24c) < 0) {
									break;
								} else {
									if( *(_t623 - 0x251) < 0x20 ||  *(_t623 - 0x251) > 0x78) {
										 *(_t623 - 0x310) = 0;
									} else {
										 *(_t623 - 0x310) =  *( *(_t623 - 0x251) + L"pecifier\", 0)") & 0xf;
									}
								}
								L7:
								 *(_t623 - 0x250) =  *(_t623 - 0x310);
								_t510 =  *(_t623 - 0x250) * 9;
								_t566 =  *(_t623 - 0x25c);
								_t594 = ( *(_t510 + _t566 + 0x4083d0) & 0x000000ff) >> 4;
								 *(_t623 - 0x25c) = ( *(_t510 + _t566 + 0x4083d0) & 0x000000ff) >> 4;
								if( *(_t623 - 0x25c) != 8) {
									L16:
									 *(_t623 - 0x318) =  *(_t623 - 0x25c);
									if( *(_t623 - 0x318) > 7) {
										continue;
									}
									L17:
									switch( *((intOrPtr*)( *(_t623 - 0x318) * 4 +  &M004225E0))) {
										case 0:
											L18:
											 *(_t623 - 0xc) = 0;
											_t513 = E00419390( *(_t623 - 0x251) & 0x000000ff, E0040D3B0(_t623 - 0x40));
											_t629 = _t626 + 8;
											__eflags = _t513;
											if(_t513 == 0) {
												L24:
												E004226F0( *(_t623 - 0x251) & 0x000000ff,  *(_t623 - 0x251) & 0x000000ff,  *((intOrPtr*)(_t623 + 8)), _t623 - 0x24c);
												_t626 = _t629 + 0xc;
												goto L218;
											} else {
												E004226F0( *((intOrPtr*)(_t623 + 8)),  *(_t623 - 0x251) & 0x000000ff,  *((intOrPtr*)(_t623 + 8)), _t623 - 0x24c);
												_t629 = _t629 + 0xc;
												_t571 =  *( *(_t623 + 0xc));
												 *(_t623 - 0x251) =  *( *(_t623 + 0xc));
												_t594 =  *(_t623 + 0xc) + 1;
												__eflags = _t594;
												 *(_t623 + 0xc) = _t594;
												asm("sbb eax, eax");
												 *(_t623 - 0x27c) =  ~( ~( *(_t623 - 0x251)));
												if(_t594 == 0) {
													_push(L"(ch != _T(\'\\0\'))");
													_push(0);
													_push(0x486);
													_push(L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c");
													_push(2);
													_t525 = L0040E1A0();
													_t629 = _t629 + 0x14;
													__eflags = _t525 - 1;
													if(_t525 == 1) {
														asm("int3");
													}
												}
												L22:
												__eflags =  *(_t623 - 0x27c);
												if( *(_t623 - 0x27c) != 0) {
													goto L24;
												} else {
													 *((intOrPtr*)(L0040EC70(_t571))) = 0x16;
													E00411A50(_t558, _t571, _t621, _t622, L"(ch != _T(\'\\0\'))", L"_output_s_l", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c", 0x486, 0);
													 *(_t623 - 0x2f4) = 0xffffffff;
													E0040D380(_t623 - 0x40);
													_t503 =  *(_t623 - 0x2f4);
													goto L229;
												}
											}
										case 1:
											L25:
											 *(__ebp - 0x2c) = 0;
											__edx =  *(__ebp - 0x2c);
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											__eax =  *(__ebp - 0x28);
											 *(__ebp - 0x18) =  *(__ebp - 0x28);
											__ecx =  *(__ebp - 0x18);
											 *(__ebp - 0x1c) = __ecx;
											 *(__ebp - 0x10) = 0;
											 *(__ebp - 0x30) = 0xffffffff;
											 *(__ebp - 0xc) = 0;
											goto L218;
										case 2:
											L26:
											__edx =  *((char*)(__ebp - 0x251));
											 *(__ebp - 0x31c) =  *((char*)(__ebp - 0x251));
											 *(__ebp - 0x31c) =  *(__ebp - 0x31c) - 0x20;
											 *(__ebp - 0x31c) =  *(__ebp - 0x31c) - 0x20;
											__eflags =  *(__ebp - 0x31c) - 0x10;
											if( *(__ebp - 0x31c) > 0x10) {
												goto L33;
											}
											L27:
											__ecx =  *(__ebp - 0x31c);
											_t74 = __ecx + 0x422618; // 0x498d04
											__edx =  *_t74 & 0x000000ff;
											switch( *((intOrPtr*)(( *_t74 & 0x000000ff) * 4 +  &M00422600))) {
												case 0:
													goto L30;
												case 1:
													goto L31;
												case 2:
													goto L29;
												case 3:
													goto L28;
												case 4:
													goto L32;
												case 5:
													goto L33;
											}
										case 3:
											L34:
											__edx =  *((char*)(__ebp - 0x251));
											__eflags =  *((char*)(__ebp - 0x251)) - 0x2a;
											if( *((char*)(__ebp - 0x251)) != 0x2a) {
												__eax =  *(__ebp - 0x18);
												__eax =  *(__ebp - 0x18) * 0xa;
												__eflags = __eax;
												__ecx =  *((char*)(__ebp - 0x251));
												_t98 = __ecx - 0x30; // -48
												__edx = __eax + _t98;
												 *(__ebp - 0x18) = __eax + _t98;
											} else {
												__eax = __ebp + 0x14;
												 *(__ebp - 0x18) = E0041C290(__ebp + 0x14);
												__eflags =  *(__ebp - 0x18);
												if( *(__ebp - 0x18) < 0) {
													__ecx =  *(__ebp - 0x10);
													__ecx =  *(__ebp - 0x10) | 0x00000004;
													__eflags = __ecx;
													 *(__ebp - 0x10) = __ecx;
													 *(__ebp - 0x18) =  ~( *(__ebp - 0x18));
													 *(__ebp - 0x18) =  ~( *(__ebp - 0x18));
												}
											}
											goto L218;
										case 4:
											L40:
											 *(__ebp - 0x30) = 0;
											goto L218;
										case 5:
											L41:
											__eax =  *((char*)(__ebp - 0x251));
											__eflags =  *((char*)(__ebp - 0x251)) - 0x2a;
											if( *((char*)(__ebp - 0x251)) != 0x2a) {
												__edx =  *(__ebp - 0x30);
												__edx =  *(__ebp - 0x30) * 0xa;
												__eflags = __edx;
												_t109 =  *((char*)(__ebp - 0x251)) - 0x30; // -48
												__ecx = __edx + _t109;
												 *(__ebp - 0x30) = __ecx;
											} else {
												__ecx = __ebp + 0x14;
												 *(__ebp - 0x30) = E0041C290(__ebp + 0x14);
												__eflags =  *(__ebp - 0x30);
												if( *(__ebp - 0x30) < 0) {
													 *(__ebp - 0x30) = 0xffffffff;
												}
											}
											goto L218;
										case 6:
											L47:
											__edx =  *((char*)(__ebp - 0x251));
											 *(__ebp - 0x320) =  *((char*)(__ebp - 0x251));
											 *(__ebp - 0x320) =  *(__ebp - 0x320) - 0x49;
											 *(__ebp - 0x320) =  *(__ebp - 0x320) - 0x49;
											__eflags =  *(__ebp - 0x320) - 0x2e;
											if( *(__ebp - 0x320) > 0x2e) {
												L70:
												goto L218;
											}
											L48:
											__ecx =  *(__ebp - 0x320);
											_t117 = __ecx + 0x422640; // 0x1e4e9003
											__edx =  *_t117 & 0x000000ff;
											switch( *((intOrPtr*)(( *_t117 & 0x000000ff) * 4 +  &M0042262C))) {
												case 0:
													L53:
													__edx =  *(__ebp + 0xc);
													__eax =  *( *(__ebp + 0xc));
													__eflags =  *( *(__ebp + 0xc)) - 0x36;
													if( *( *(__ebp + 0xc)) != 0x36) {
														L56:
														__edx =  *(__ebp + 0xc);
														__eax =  *( *(__ebp + 0xc));
														__eflags =  *( *(__ebp + 0xc)) - 0x33;
														if( *( *(__ebp + 0xc)) != 0x33) {
															L59:
															__edx =  *(__ebp + 0xc);
															__eax =  *( *(__ebp + 0xc));
															__eflags =  *( *(__ebp + 0xc)) - 0x64;
															if( *( *(__ebp + 0xc)) == 0x64) {
																L65:
																L67:
																goto L70;
															}
															L60:
															__ecx =  *(__ebp + 0xc);
															__edx =  *__ecx;
															__eflags =  *__ecx - 0x69;
															if( *__ecx == 0x69) {
																goto L65;
															}
															L61:
															__eax =  *(__ebp + 0xc);
															__ecx =  *( *(__ebp + 0xc));
															__eflags = __ecx - 0x6f;
															if(__ecx == 0x6f) {
																goto L65;
															}
															L62:
															__edx =  *(__ebp + 0xc);
															__eax =  *( *(__ebp + 0xc));
															__eflags =  *( *(__ebp + 0xc)) - 0x75;
															if( *( *(__ebp + 0xc)) == 0x75) {
																goto L65;
															}
															L63:
															__ecx =  *(__ebp + 0xc);
															__edx =  *__ecx;
															__eflags =  *__ecx - 0x78;
															if( *__ecx == 0x78) {
																goto L65;
															}
															L64:
															__eax =  *(__ebp + 0xc);
															__ecx =  *( *(__ebp + 0xc));
															__eflags = __ecx - 0x58;
															if(__ecx != 0x58) {
																 *(__ebp - 0x25c) = 0;
																goto L18;
															}
															goto L65;
														}
														L57:
														__ecx =  *(__ebp + 0xc);
														__edx =  *((char*)(__ecx + 1));
														__eflags =  *((char*)(__ecx + 1)) - 0x32;
														if( *((char*)(__ecx + 1)) != 0x32) {
															goto L59;
														} else {
															 *(__ebp + 0xc) =  *(__ebp + 0xc) + 2;
															 *(__ebp + 0xc) =  *(__ebp + 0xc) + 2;
															__ecx =  *(__ebp - 0x10);
															__ecx =  *(__ebp - 0x10) & 0xffff7fff;
															 *(__ebp - 0x10) = __ecx;
															goto L67;
														}
													}
													L54:
													__ecx =  *(__ebp + 0xc);
													__edx =  *((char*)(__ecx + 1));
													__eflags =  *((char*)(__ecx + 1)) - 0x34;
													if( *((char*)(__ecx + 1)) != 0x34) {
														goto L56;
													} else {
														 *(__ebp + 0xc) =  *(__ebp + 0xc) + 2;
														 *(__ebp + 0xc) =  *(__ebp + 0xc) + 2;
														__ecx =  *(__ebp - 0x10);
														__ecx =  *(__ebp - 0x10) | 0x00008000;
														 *(__ebp - 0x10) = __ecx;
														goto L67;
													}
												case 1:
													L68:
													 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000020;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000020;
													goto L70;
												case 2:
													L49:
													__eax =  *(__ebp + 0xc);
													__ecx =  *( *(__ebp + 0xc));
													__eflags = __ecx - 0x6c;
													if(__ecx != 0x6c) {
														__ecx =  *(__ebp - 0x10);
														__ecx =  *(__ebp - 0x10) | 0x00000010;
														__eflags = __ecx;
														 *(__ebp - 0x10) = __ecx;
													} else {
														 *(__ebp + 0xc) =  *(__ebp + 0xc) + 1;
														 *(__ebp + 0xc) =  *(__ebp + 0xc) + 1;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00001000;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00001000;
													}
													goto L70;
												case 3:
													L69:
													__eax =  *(__ebp - 0x10);
													__eax =  *(__ebp - 0x10) | 0x00000800;
													__eflags = __eax;
													 *(__ebp - 0x10) = __eax;
													goto L70;
												case 4:
													goto L70;
											}
										case 7:
											L71:
											__ecx =  *((char*)(__ebp - 0x251));
											 *(__ebp - 0x324) = __ecx;
											 *(__ebp - 0x324) =  *(__ebp - 0x324) - 0x41;
											 *(__ebp - 0x324) =  *(__ebp - 0x324) - 0x41;
											__eflags =  *(__ebp - 0x324) - 0x37;
											if( *(__ebp - 0x324) > 0x37) {
												goto L190;
												do {
													do {
														while(1) {
															L190:
															if( *(_t623 - 0x28) != 0) {
																goto L216;
															}
															goto L191;
														}
														L186:
														__ebp - 0x49 = __ebp - 0x49 -  *(__ebp - 4);
														 *(__ebp - 0x24) = __ebp - 0x49 -  *(__ebp - 4);
														__ecx =  *(__ebp - 4);
														__ecx =  *(__ebp - 4) + 1;
														 *(__ebp - 4) = __ecx;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000200;
														__eflags =  *(__ebp - 0x10) & 0x00000200;
													} while (( *(__ebp - 0x10) & 0x00000200) == 0);
													__eflags =  *(__ebp - 0x24);
													if( *(__ebp - 0x24) == 0) {
														break;
													}
													L188:
													__eax =  *(__ebp - 4);
													__ecx =  *( *(__ebp - 4));
													__eflags = __ecx - 0x30;
												} while (__ecx == 0x30);
												L189:
												 *(__ebp - 4) =  *(__ebp - 4) - 1;
												 *(__ebp - 4) =  *(__ebp - 4) - 1;
												__eax =  *(__ebp - 4);
												 *( *(__ebp - 4)) = 0x30;
												__ecx =  *(__ebp - 0x24);
												__ecx =  *(__ebp - 0x24) + 1;
												__eflags = __ecx;
												 *(__ebp - 0x24) = __ecx;
												while(1) {
													L190:
													if( *(_t623 - 0x28) != 0) {
														goto L216;
													}
													goto L191;
												}
											}
											L72:
											_t158 =  *(__ebp - 0x324) + 0x4226ac; // 0xcccccc0d
											__ecx =  *_t158 & 0x000000ff;
											switch( *((intOrPtr*)(__ecx * 4 +  &M00422670))) {
												case 0:
													L122:
													 *(__ebp - 0x2c) = 1;
													__ecx =  *((char*)(__ebp - 0x251));
													__ecx =  *((char*)(__ebp - 0x251)) + 0x20;
													__eflags = __ecx;
													 *((char*)(__ebp - 0x251)) = __cl;
													goto L123;
												case 1:
													L73:
													 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000830;
													__eflags =  *(__ebp - 0x10) & 0x00000830;
													if(( *(__ebp - 0x10) & 0x00000830) == 0) {
														__eax =  *(__ebp - 0x10);
														__eax =  *(__ebp - 0x10) | 0x00000800;
														__eflags = __eax;
														 *(__ebp - 0x10) = __eax;
													}
													goto L75;
												case 2:
													L87:
													 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000830;
													__eflags =  *(__ebp - 0x10) & 0x00000830;
													if(( *(__ebp - 0x10) & 0x00000830) == 0) {
														__ecx =  *(__ebp - 0x10);
														__ecx =  *(__ebp - 0x10) | 0x00000800;
														__eflags = __ecx;
														 *(__ebp - 0x10) = __ecx;
													}
													goto L89;
												case 3:
													L146:
													 *(__ebp - 0x260) = 7;
													goto L148;
												case 4:
													goto L0;
												case 5:
													L123:
													 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000040;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000040;
													__eax = __ebp - 0x248;
													 *(__ebp - 4) = __ebp - 0x248;
													 *(__ebp - 0x44) = 0x200;
													__eflags =  *(__ebp - 0x30);
													if( *(__ebp - 0x30) >= 0) {
														L125:
														__eflags =  *(__ebp - 0x30);
														if( *(__ebp - 0x30) != 0) {
															L128:
															__eflags =  *(__ebp - 0x30) - 0x200;
															if( *(__ebp - 0x30) > 0x200) {
																 *(__ebp - 0x30) = 0x200;
															}
															L130:
															__eflags =  *(__ebp - 0x30) - 0xa3;
															if( *(__ebp - 0x30) > 0xa3) {
																 *(__ebp - 0x30) =  *(__ebp - 0x30) + 0x15d;
																 *(__ebp - 0x20) = L0040B5C0(__ecx,  *(__ebp - 0x30) + 0x15d, 2, "f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c", 0x6da);
																__eflags =  *(__ebp - 0x20);
																if( *(__ebp - 0x20) == 0) {
																	 *(__ebp - 0x30) = 0xa3;
																} else {
																	__eax =  *(__ebp - 0x20);
																	 *(__ebp - 4) =  *(__ebp - 0x20);
																	 *(__ebp - 0x30) =  *(__ebp - 0x30) + 0x15d;
																	 *(__ebp - 0x44) =  *(__ebp - 0x30) + 0x15d;
																}
															}
															 *(__ebp + 0x14) =  *(__ebp + 0x14) + 8;
															 *(__ebp + 0x14) =  *(__ebp + 0x14) + 8;
															__eax =  *(__ebp + 0x14);
															__ecx =  *(__eax - 8);
															__edx =  *(__eax - 4);
															 *(__ebp - 0x2a8) =  *(__eax - 8);
															 *(__ebp - 0x2a4) =  *(__eax - 4);
															__ecx = __ebp - 0x40;
															_push(E0040D3B0(__ebp - 0x40));
															__eax =  *(__ebp - 0x2c);
															_push( *(__ebp - 0x2c));
															__ecx =  *(__ebp - 0x30);
															_push( *(__ebp - 0x30));
															__edx =  *((char*)(__ebp - 0x251));
															_push( *((char*)(__ebp - 0x251)));
															__eax =  *(__ebp - 0x44);
															_push( *(__ebp - 0x44));
															__ecx =  *(__ebp - 4);
															_push( *(__ebp - 4));
															__edx = __ebp - 0x2a8;
															_push(__ebp - 0x2a8);
															__eax =  *0x60b3cc; // 0x7e8c4bdb
															__eax =  *__eax();
															__esp = __esp + 0x1c;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000080;
															__eflags =  *(__ebp - 0x10) & 0x00000080;
															if(( *(__ebp - 0x10) & 0x00000080) != 0) {
																__eflags =  *(__ebp - 0x30);
																if( *(__ebp - 0x30) == 0) {
																	__ecx = __ebp - 0x40;
																	_push(E0040D3B0(__ebp - 0x40));
																	__edx =  *(__ebp - 4);
																	_push( *(__ebp - 4));
																	__eax =  *0x60b3d8; // 0x7e8c4bdb
																	__eax =  *__eax();
																	__esp = __esp + 8;
																}
															}
															__ecx =  *((char*)(__ebp - 0x251));
															__eflags =  *((char*)(__ebp - 0x251)) - 0x67;
															if( *((char*)(__ebp - 0x251)) == 0x67) {
																 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000080;
																__eflags =  *(__ebp - 0x10) & 0x00000080;
																if(( *(__ebp - 0x10) & 0x00000080) == 0) {
																	__ecx = __ebp - 0x40;
																	_push(E0040D3B0(__ebp - 0x40));
																	__eax =  *(__ebp - 4);
																	_push( *(__ebp - 4));
																	__ecx =  *0x60b3d4; // 0x7e8c4bdb
																	E00410200(__ecx) =  *__eax();
																	__esp = __esp + 8;
																}
															}
															__edx =  *(__ebp - 4);
															__eax =  *( *(__ebp - 4));
															__eflags =  *( *(__ebp - 4)) - 0x2d;
															if( *( *(__ebp - 4)) == 0x2d) {
																 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000100;
																 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000100;
																__edx =  *(__ebp - 4);
																__edx =  *(__ebp - 4) + 1;
																__eflags = __edx;
																 *(__ebp - 4) = __edx;
															}
															__eax =  *(__ebp - 4);
															 *(__ebp - 0x24) = E0040DC40( *(__ebp - 4));
															goto L190;
														}
														L126:
														__ecx =  *((char*)(__ebp - 0x251));
														__eflags = __ecx - 0x67;
														if(__ecx != 0x67) {
															goto L128;
														}
														L127:
														 *(__ebp - 0x30) = 1;
														goto L130;
													}
													L124:
													 *(__ebp - 0x30) = 6;
													goto L130;
												case 6:
													L75:
													 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000810;
													__eflags =  *(__ebp - 0x10) & 0x00000810;
													if(( *(__ebp - 0x10) & 0x00000810) == 0) {
														__ebp + 0x14 = E0041C290(__ebp + 0x14);
														 *(__ebp - 0x284) = __ax;
														__cl =  *(__ebp - 0x284);
														 *(__ebp - 0x248) = __cl;
														 *(__ebp - 0x24) = 1;
													} else {
														 *(__ebp - 0x280) = 0;
														__edx = __ebp + 0x14;
														__eax = E0041C2D0(__ebp + 0x14);
														 *(__ebp - 0x258) = __ax;
														__eax =  *(__ebp - 0x258) & 0x0000ffff;
														__ecx = __ebp - 0x248;
														__edx = __ebp - 0x24;
														 *(__ebp - 0x280) = E004212A0(__ebp - 0x24, __ebp - 0x248, 0x200,  *(__ebp - 0x258) & 0x0000ffff);
														__eflags =  *(__ebp - 0x280);
														if( *(__ebp - 0x280) != 0) {
															 *(__ebp - 0x28) = 1;
														}
													}
													__edx = __ebp - 0x248;
													 *(__ebp - 4) = __ebp - 0x248;
													do {
														L190:
														if( *(_t623 - 0x28) != 0) {
															goto L216;
														}
														goto L191;
													} while ( *(__ebp - 0x324) > 0x37);
													goto L72;
												case 7:
													L143:
													 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000040;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000040;
													 *(__ebp - 8) = 0xa;
													goto L153;
												case 8:
													L108:
													__ecx = __ebp + 0x14;
													 *(__ebp - 0x298) = E0041C290(__ebp + 0x14);
													__eax = E00420F80();
													__eflags = __eax;
													if(__eax != 0) {
														L118:
														 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000020;
														__eflags =  *(__ebp - 0x10) & 0x00000020;
														if(( *(__ebp - 0x10) & 0x00000020) == 0) {
															__edx =  *(__ebp - 0x298);
															__eax =  *(__ebp - 0x24c);
															 *( *(__ebp - 0x298)) =  *(__ebp - 0x24c);
														} else {
															__eax =  *(__ebp - 0x298);
															 *( *(__ebp - 0x298)) =  *(__ebp - 0x24c);
														}
														 *(__ebp - 0x28) = 1;
														while(1) {
															L190:
															if( *(_t623 - 0x28) != 0) {
																goto L216;
															}
															goto L191;
														}
													}
													L109:
													__edx = 0;
													__eflags = 0;
													if(0 == 0) {
														 *(__ebp - 0x32c) = 0;
													} else {
														 *(__ebp - 0x32c) = 1;
													}
													__eax =  *(__ebp - 0x32c);
													 *(__ebp - 0x29c) =  *(__ebp - 0x32c);
													__eflags =  *(__ebp - 0x29c);
													if( *(__ebp - 0x29c) == 0) {
														_push(L"(\"\'n\' format specifier disabled\", 0)");
														_push(0);
														_push(0x695);
														_push(L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c");
														_push(2);
														__eax = L0040E1A0();
														__esp = __esp + 0x14;
														__eflags = __eax - 1;
														if(__eax == 1) {
															asm("int3");
														}
													}
													__eflags =  *(__ebp - 0x29c);
													if( *(__ebp - 0x29c) != 0) {
														L117:
														while(1) {
															L190:
															if( *(_t623 - 0x28) != 0) {
																goto L216;
															}
															goto L191;
														}
													} else {
														L116:
														 *((intOrPtr*)(L0040EC70(__ecx))) = 0x16;
														__eax = E00411A50(__ebx, __ecx, __edi, __esi, L"(\"\'n\' format specifier disabled\", 0)", L"_output_s_l", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c", 0x695, 0);
														 *(__ebp - 0x2f8) = 0xffffffff;
														__ecx = __ebp - 0x40;
														__eax = E0040D380(__ecx);
														__eax =  *(__ebp - 0x2f8);
														goto L229;
													}
												case 9:
													L151:
													 *(__ebp - 8) = 8;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000080;
													__eflags =  *(__ebp - 0x10) & 0x00000080;
													if(( *(__ebp - 0x10) & 0x00000080) != 0) {
														__edx =  *(__ebp - 0x10);
														__edx =  *(__ebp - 0x10) | 0x00000200;
														__eflags = __edx;
														 *(__ebp - 0x10) = __edx;
													}
													goto L153;
												case 0xa:
													L145:
													 *(__ebp - 0x30) = 8;
													goto L146;
												case 0xb:
													L89:
													__eflags =  *(__ebp - 0x30) - 0xffffffff;
													if( *(__ebp - 0x30) != 0xffffffff) {
														__edx =  *(__ebp - 0x30);
														 *(__ebp - 0x328) =  *(__ebp - 0x30);
													} else {
														 *(__ebp - 0x328) = 0x7fffffff;
													}
													__eax =  *(__ebp - 0x328);
													 *(__ebp - 0x290) =  *(__ebp - 0x328);
													__ecx = __ebp + 0x14;
													 *(__ebp - 4) = E0041C290(__ebp + 0x14);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000810;
													__eflags =  *(__ebp - 0x10) & 0x00000810;
													if(( *(__ebp - 0x10) & 0x00000810) == 0) {
														L100:
														__eflags =  *(__ebp - 4);
														if( *(__ebp - 4) == 0) {
															__edx =  *0x60b4f0; // 0x407424
															 *(__ebp - 4) = __edx;
														}
														__eax =  *(__ebp - 4);
														 *(__ebp - 0x28c) =  *(__ebp - 4);
														while(1) {
															L103:
															__ecx =  *(__ebp - 0x290);
															 *(__ebp - 0x290) =  *(__ebp - 0x290) - 1;
															 *(__ebp - 0x290) =  *(__ebp - 0x290) - 1;
															__eflags = __ecx;
															if(__ecx == 0) {
																break;
															}
															L104:
															__eax =  *(__ebp - 0x28c);
															__ecx =  *( *(__ebp - 0x28c));
															__eflags = __ecx;
															if(__ecx == 0) {
																break;
															}
															L105:
															 *(__ebp - 0x28c) =  *(__ebp - 0x28c) + 1;
															 *(__ebp - 0x28c) =  *(__ebp - 0x28c) + 1;
														}
														L106:
														__eax =  *(__ebp - 0x28c);
														__eax =  *(__ebp - 0x28c) -  *(__ebp - 4);
														__eflags = __eax;
														 *(__ebp - 0x24) = __eax;
														goto L107;
													} else {
														L93:
														__eflags =  *(__ebp - 4);
														if( *(__ebp - 4) == 0) {
															__eax =  *0x60b4f4; // 0x407414
															 *(__ebp - 4) = __eax;
														}
														 *(__ebp - 0xc) = 1;
														__ecx =  *(__ebp - 4);
														 *(__ebp - 0x294) =  *(__ebp - 4);
														while(1) {
															L96:
															__edx =  *(__ebp - 0x290);
															 *(__ebp - 0x290) =  *(__ebp - 0x290) - 1;
															 *(__ebp - 0x290) =  *(__ebp - 0x290) - 1;
															__eflags =  *(__ebp - 0x290);
															if( *(__ebp - 0x290) == 0) {
																break;
															}
															L97:
															__ecx =  *(__ebp - 0x294);
															__edx =  *( *(__ebp - 0x294)) & 0x0000ffff;
															__eflags =  *( *(__ebp - 0x294)) & 0x0000ffff;
															if(( *( *(__ebp - 0x294)) & 0x0000ffff) == 0) {
																break;
															}
															L98:
															 *(__ebp - 0x294) =  *(__ebp - 0x294) + 2;
															 *(__ebp - 0x294) =  *(__ebp - 0x294) + 2;
														}
														L99:
														 *(__ebp - 0x294) =  *(__ebp - 0x294) -  *(__ebp - 4);
														__ecx =  *(__ebp - 0x294) -  *(__ebp - 4) >> 1;
														 *(__ebp - 0x24) = __ecx;
														L107:
														while(1) {
															L190:
															if( *(_t623 - 0x28) != 0) {
																goto L216;
															}
															goto L191;
														}
													}
												case 0xc:
													L144:
													 *(__ebp - 8) = 0xa;
													goto L153;
												case 0xd:
													L147:
													 *(__ebp - 0x260) = 0x27;
													L148:
													 *(__ebp - 8) = 0x10;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000080;
													__eflags =  *(__ebp - 0x10) & 0x00000080;
													if(( *(__ebp - 0x10) & 0x00000080) != 0) {
														 *((char*)(__ebp - 0x14)) = 0x30;
														 *(__ebp - 0x260) =  *(__ebp - 0x260) + 0x51;
														__eflags =  *(__ebp - 0x260) + 0x51;
														 *((char*)(__ebp - 0x13)) = __al;
														 *(__ebp - 0x1c) = 2;
													}
													L153:
													 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00008000;
													__eflags =  *(__ebp - 0x10) & 0x00008000;
													if(( *(__ebp - 0x10) & 0x00008000) == 0) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00001000;
														__eflags =  *(__ebp - 0x10) & 0x00001000;
														if(( *(__ebp - 0x10) & 0x00001000) == 0) {
															 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000020;
															__eflags =  *(__ebp - 0x10) & 0x00000020;
															if(( *(__ebp - 0x10) & 0x00000020) == 0) {
																 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000040;
																__eflags =  *(__ebp - 0x10) & 0x00000040;
																if(( *(__ebp - 0x10) & 0x00000040) == 0) {
																	__ecx = __ebp + 0x14;
																	__eax = E0041C290(__ebp + 0x14);
																	__edx = 0;
																	__eflags = 0;
																	 *(__ebp - 0x2b8) = __eax;
																	 *(__ebp - 0x2b4) = 0;
																} else {
																	__eax = __ebp + 0x14;
																	__eax = E0041C290(__ebp + 0x14);
																	asm("cdq");
																	 *(__ebp - 0x2b8) = __eax;
																	 *(__ebp - 0x2b4) = __edx;
																}
															} else {
																 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000040;
																__eflags =  *(__ebp - 0x10) & 0x00000040;
																if(( *(__ebp - 0x10) & 0x00000040) == 0) {
																	__ecx = __ebp + 0x14;
																	E0041C290(__ebp + 0x14) = __ax & 0x0000ffff;
																	asm("cdq");
																	 *(__ebp - 0x2b8) = __ax & 0x0000ffff;
																	 *(__ebp - 0x2b4) = __edx;
																} else {
																	__eax = __ebp + 0x14;
																	__eax = E0041C290(__ebp + 0x14);
																	__ax = __eax;
																	asm("cdq");
																	 *(__ebp - 0x2b8) = __eax;
																	 *(__ebp - 0x2b4) = __edx;
																}
															}
														} else {
															__eax = __ebp + 0x14;
															 *(__ebp - 0x2b8) = E0041C2B0(__ebp + 0x14);
															 *(__ebp - 0x2b4) = __edx;
														}
													} else {
														__ecx = __ebp + 0x14;
														 *(__ebp - 0x2b8) = E0041C2B0(__ebp + 0x14);
														 *(__ebp - 0x2b4) = __edx;
													}
													 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000040;
													__eflags =  *(__ebp - 0x10) & 0x00000040;
													if(( *(__ebp - 0x10) & 0x00000040) == 0) {
														L170:
														__ecx =  *(__ebp - 0x2b8);
														 *(__ebp - 0x2c0) =  *(__ebp - 0x2b8);
														__edx =  *(__ebp - 0x2b4);
														 *(__ebp - 0x2bc) =  *(__ebp - 0x2b4);
														goto L171;
													} else {
														L166:
														__eflags =  *(__ebp - 0x2b4);
														if(__eflags > 0) {
															goto L170;
														}
														L167:
														if(__eflags < 0) {
															L169:
															 *(__ebp - 0x2b8) =  ~( *(__ebp - 0x2b8));
															__edx =  *(__ebp - 0x2b4);
															asm("adc edx, 0x0");
															__edx =  ~( *(__ebp - 0x2b4));
															 *(__ebp - 0x2c0) =  ~( *(__ebp - 0x2b8));
															 *(__ebp - 0x2bc) =  ~( *(__ebp - 0x2b4));
															 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000100;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000100;
															L171:
															 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00008000;
															__eflags =  *(__ebp - 0x10) & 0x00008000;
															if(( *(__ebp - 0x10) & 0x00008000) == 0) {
																 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00001000;
																__eflags =  *(__ebp - 0x10) & 0x00001000;
																if(( *(__ebp - 0x10) & 0x00001000) == 0) {
																	__edx =  *(__ebp - 0x2c0);
																	__eax =  *(__ebp - 0x2bc);
																	__eax =  *(__ebp - 0x2bc) & 0x00000000;
																	__eflags = __eax;
																	 *(__ebp - 0x2bc) = __eax;
																}
															}
															__eflags =  *(__ebp - 0x30);
															if( *(__ebp - 0x30) >= 0) {
																 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0xfffffff7;
																 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0xfffffff7;
																__eflags =  *(__ebp - 0x30) - 0x200;
																if( *(__ebp - 0x30) > 0x200) {
																	 *(__ebp - 0x30) = 0x200;
																}
															} else {
																 *(__ebp - 0x30) = 1;
															}
															 *(__ebp - 0x2c0) =  *(__ebp - 0x2c0) |  *(__ebp - 0x2bc);
															__eflags =  *(__ebp - 0x2c0) |  *(__ebp - 0x2bc);
															if(( *(__ebp - 0x2c0) |  *(__ebp - 0x2bc)) == 0) {
																 *(__ebp - 0x1c) = 0;
															}
															__eax = __ebp - 0x49;
															 *(__ebp - 4) = __ebp - 0x49;
															while(1) {
																L181:
																__ecx =  *(__ebp - 0x30);
																 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
																 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
																__eflags =  *(__ebp - 0x30);
																if( *(__ebp - 0x30) > 0) {
																	goto L183;
																}
																L182:
																 *(__ebp - 0x2c0) =  *(__ebp - 0x2c0) |  *(__ebp - 0x2bc);
																__eflags =  *(__ebp - 0x2c0) |  *(__ebp - 0x2bc);
																if(( *(__ebp - 0x2c0) |  *(__ebp - 0x2bc)) == 0) {
																	goto L186;
																}
																L183:
																__eax =  *(__ebp - 8);
																asm("cdq");
																__ecx =  *(__ebp - 0x2bc);
																__edx =  *(__ebp - 0x2c0);
																__eax = E0041CE40( *(__ebp - 0x2c0),  *(__ebp - 0x2bc),  *(__ebp - 8),  *(__ebp - 0x2c0));
																 *(__ebp - 0x2ac) = __eax;
																__eax =  *(__ebp - 8);
																asm("cdq");
																__eax =  *(__ebp - 0x2bc);
																__ecx =  *(__ebp - 0x2c0);
																 *(__ebp - 0x2c0) = E0041CDD0( *(__ebp - 0x2c0),  *(__ebp - 0x2bc),  *(__ebp - 8), __edx);
																 *(__ebp - 0x2bc) = __edx;
																__eflags =  *(__ebp - 0x2ac) - 0x39;
																if( *(__ebp - 0x2ac) > 0x39) {
																	__edx =  *(__ebp - 0x2ac);
																	__edx =  *(__ebp - 0x2ac) +  *(__ebp - 0x260);
																	__eflags = __edx;
																	 *(__ebp - 0x2ac) = __edx;
																}
																__eax =  *(__ebp - 4);
																__cl =  *(__ebp - 0x2ac);
																 *( *(__ebp - 4)) = __cl;
																 *(__ebp - 4) =  *(__ebp - 4) - 1;
																 *(__ebp - 4) =  *(__ebp - 4) - 1;
																L181:
																__ecx =  *(__ebp - 0x30);
																 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
																 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
																__eflags =  *(__ebp - 0x30);
																if( *(__ebp - 0x30) > 0) {
																	goto L183;
																}
																goto L182;
															}
														}
														L168:
														__eflags =  *(__ebp - 0x2b8);
														if( *(__ebp - 0x2b8) >= 0) {
															goto L170;
														}
														goto L169;
													}
												case 0xe:
													while(1) {
														L190:
														if( *(_t623 - 0x28) != 0) {
															goto L216;
														}
														goto L191;
													}
											}
										case 8:
											L30:
											 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000002;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000002;
											goto L33;
										case 9:
											L31:
											 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000080;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000080;
											goto L33;
										case 0xa:
											L29:
											__ecx =  *(__ebp - 0x10);
											__ecx =  *(__ebp - 0x10) | 0x00000001;
											 *(__ebp - 0x10) = __ecx;
											goto L33;
										case 0xb:
											L28:
											 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000004;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000004;
											goto L33;
										case 0xc:
											L32:
											__ecx =  *(__ebp - 0x10);
											__ecx =  *(__ebp - 0x10) | 0x00000008;
											__eflags = __ecx;
											 *(__ebp - 0x10) = __ecx;
											goto L33;
										case 0xd:
											L33:
											goto L218;
									}
								} else {
									if(0 == 0) {
										 *(_t623 - 0x314) = 0;
									} else {
										 *(_t623 - 0x314) = 1;
									}
									_t573 =  *(_t623 - 0x314);
									 *(_t623 - 0x278) =  *(_t623 - 0x314);
									if( *(_t623 - 0x278) == 0) {
										_push(L"(\"Incorrect format specifier\", 0)");
										_push(0);
										_push(0x460);
										_push(L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c");
										_push(2);
										_t530 = L0040E1A0();
										_t626 = _t626 + 0x14;
										if(_t530 == 1) {
											asm("int3");
										}
									}
									L14:
									if( *(_t623 - 0x278) != 0) {
										goto L16;
									} else {
										 *((intOrPtr*)(L0040EC70(_t573))) = 0x16;
										E00411A50(_t558, _t573, _t621, _t622, L"(\"Incorrect format specifier\", 0)", L"_output_s_l", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c", 0x460, 0);
										 *(_t623 - 0x2f0) = 0xffffffff;
										E0040D380(_t623 - 0x40);
										_t503 =  *(_t623 - 0x2f0);
										L229:
										return E00416CA0(_t503, _t558,  *(_t623 - 0x48) ^ _t623, _t594, _t621, _t622);
									}
								}
							}
							L219:
							if( *(_t623 - 0x25c) == 0) {
								L222:
								 *(_t623 - 0x334) = 1;
								L223:
								_t560 =  *(_t623 - 0x334);
								 *(_t623 - 0x2e0) =  *(_t623 - 0x334);
								if( *(_t623 - 0x2e0) == 0) {
									_push(L"((state == ST_NORMAL) || (state == ST_TYPE))");
									_push(0);
									_push(0x8f5);
									_push(L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c");
									_push(2);
									_t508 = L0040E1A0();
									_t626 = _t626 + 0x14;
									if(_t508 == 1) {
										asm("int3");
									}
								}
								if( *(_t623 - 0x2e0) != 0) {
									 *(_t623 - 0x300) =  *(_t623 - 0x24c);
									E0040D380(_t623 - 0x40);
									_t503 =  *(_t623 - 0x300);
								} else {
									 *((intOrPtr*)(L0040EC70(_t560))) = 0x16;
									E00411A50(_t558, _t560, _t621, _t622, L"((state == ST_NORMAL) || (state == ST_TYPE))", L"_output_s_l", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c", 0x8f5, 0);
									 *(_t623 - 0x2fc) = 0xffffffff;
									E0040D380(_t623 - 0x40);
									_t503 =  *(_t623 - 0x2fc);
								}
								goto L229;
							}
							L220:
							if( *(_t623 - 0x25c) == 7) {
								goto L222;
							}
							L221:
							 *(_t623 - 0x334) = 0;
							goto L223;
						}
					}
					L82:
					_t593 =  *0x60b4f0; // 0x407424
					 *(_t623 - 4) = _t593;
					_t497 = E0040DC40( *(_t623 - 4));
					_t626 = _t626 + 4;
					 *(_t623 - 0x24) = _t497;
					goto L86;
				}
			}

0x00421ba5
0x00421ba5
0x00421ba5
0x00421ba5
0x00421ba5
0x00421ba5
0x00421ba9
0x00421bae
0x00421bb1
0x00421bbe
0x00000000
0x00000000
0x00421bc0
0x00421bc0
0x00421bca
0x00421be6
0x00421be9
0x00421bef
0x00421c17
0x00421c1e
0x00421c24
0x00421c27
0x00421c2a
0x00421c30
0x00421c33
0x00421bf1
0x00421bf1
0x00421bf7
0x00421bfa
0x00421bfd
0x00421c03
0x00421c06
0x00421c09
0x00421c0b
0x00421c0e
0x00421c0e
0x00421c36
0x00422302
0x00422302
0x00422306
0x00000000
0x00000000
0x0042230c
0x00422312
0x0042231c
0x00422331
0x00422346
0x00422348
0x0042234c
0x0042234c
0x00422333
0x00422333
0x00422337
0x00422337
0x0042231e
0x0042231e
0x00422322
0x00422322
0x0042231c
0x0042235c
0x00422368
0x0042237e
0x00422383
0x00422383
0x00422399
0x0042239e
0x004223a7
0x004223af
0x004223c5
0x004223ca
0x004223ca
0x004223af
0x004223d1
0x004224a5
0x004224b8
0x004224bd
0x00000000
0x004223d7
0x004223d7
0x004223db
0x00000000
0x00000000
0x004223e1
0x004223e1
0x004223ee
0x004223f7
0x004223fd
0x004223fd
0x0042240c
0x00422414
0x00000000
0x00000000
0x0042241a
0x00422423
0x00422442
0x00422447
0x0042244a
0x00422459
0x00422466
0x00422471
0x00422471
0x00000000
0x00422471
0x00422468
0x0042246f
0x0042247d
0x00422496
0x0042249b
0x00000000
0x0042249b
0x00000000
0x0042246f
0x004224a3
0x004224c0
0x004224c7
0x004224cf
0x004224e5
0x004224ea
0x004224ea
0x004224cf
0x004224c7
0x004224ed
0x004224f1
0x004224f9
0x004224fe
0x00422501
0x00422501
0x00422508
0x00422508
0x004215df
0x004215e5
0x004215f2
0x004215f7
0x00000000
0x0042160a
0x00421614
0x0042163b
0x00421622
0x00421633
0x00421633
0x00421614
0x00421645
0x0042164b
0x00421657
0x0042165a
0x00421668
0x0042166b
0x00421678
0x0042171d
0x00421723
0x00421730
0x00000000
0x00000000
0x00421736
0x0042173c
0x00000000
0x00421743
0x00421743
0x0042175b
0x00421760
0x00421763
0x00421765
0x0042181f
0x00421832
0x00421837
0x00000000
0x0042176b
0x0042177e
0x00421783
0x00421789
0x0042178b
0x00421794
0x00421794
0x00421797
0x004217a3
0x004217a7
0x004217ad
0x004217af
0x004217b4
0x004217b6
0x004217bb
0x004217c0
0x004217c2
0x004217c7
0x004217ca
0x004217cd
0x004217cf
0x004217cf
0x004217cd
0x004217d0
0x004217d0
0x004217d7
0x00000000
0x004217d9
0x004217de
0x004217fa
0x00421802
0x0042180f
0x00421814
0x00000000
0x00421814
0x004217d7
0x00000000
0x0042183f
0x0042183f
0x00421846
0x00421849
0x0042184c
0x0042184f
0x00421852
0x00421855
0x00421858
0x0042185f
0x00421866
0x00000000
0x00000000
0x00421872
0x00421872
0x00421879
0x00421885
0x00421888
0x0042188e
0x00421895
0x00000000
0x00000000
0x00421897
0x00421897
0x0042189d
0x0042189d
0x004218a4
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004218e7
0x004218e7
0x004218ee
0x004218f1
0x0042191b
0x0042191e
0x0042191e
0x00421921
0x00421928
0x00421928
0x0042192c
0x004218f3
0x004218f3
0x004218ff
0x00421902
0x00421906
0x00421908
0x0042190b
0x0042190b
0x0042190e
0x00421914
0x00421916
0x00421916
0x00421919
0x00000000
0x00000000
0x00421934
0x00421934
0x00000000
0x00000000
0x00421940
0x00421940
0x00421947
0x0042194a
0x0042196a
0x0042196d
0x0042196d
0x00421977
0x00421977
0x0042197b
0x0042194c
0x0042194c
0x00421958
0x0042195b
0x0042195f
0x00421961
0x00421961
0x00421968
0x00000000
0x00000000
0x00421983
0x00421983
0x0042198a
0x00421996
0x00421999
0x0042199f
0x004219a6
0x00421ab9
0x00000000
0x00421ab9
0x004219ac
0x004219ac
0x004219b2
0x004219b2
0x004219b9
0x00000000
0x004219ef
0x004219ef
0x004219f2
0x004219f5
0x004219f8
0x00421a20
0x00421a20
0x00421a23
0x00421a26
0x00421a29
0x00421a4e
0x00421a4e
0x00421a51
0x00421a54
0x00421a57
0x00421a90
0x00421aa1
0x00000000
0x00421aa1
0x00421a59
0x00421a59
0x00421a5c
0x00421a5f
0x00421a62
0x00000000
0x00000000
0x00421a64
0x00421a64
0x00421a67
0x00421a6a
0x00421a6d
0x00000000
0x00000000
0x00421a6f
0x00421a6f
0x00421a72
0x00421a75
0x00421a78
0x00000000
0x00000000
0x00421a7a
0x00421a7a
0x00421a7d
0x00421a80
0x00421a83
0x00000000
0x00000000
0x00421a85
0x00421a85
0x00421a88
0x00421a8b
0x00421a8e
0x00421a92
0x00000000
0x00421a92
0x00000000
0x00421a8e
0x00421a2b
0x00421a2b
0x00421a2e
0x00421a32
0x00421a35
0x00000000
0x00421a37
0x00421a3a
0x00421a3d
0x00421a40
0x00421a43
0x00421a49
0x00000000
0x00421a49
0x00421a35
0x004219fa
0x004219fa
0x004219fd
0x00421a01
0x00421a04
0x00000000
0x00421a06
0x00421a09
0x00421a0c
0x00421a0f
0x00421a12
0x00421a18
0x00000000
0x00421a18
0x00000000
0x00421aa3
0x00421aa6
0x00421aa9
0x00000000
0x00000000
0x004219c0
0x004219c0
0x004219c3
0x004219c6
0x004219c9
0x004219e1
0x004219e4
0x004219e4
0x004219e7
0x004219cb
0x004219ce
0x004219d1
0x004219d7
0x004219dc
0x004219dc
0x00000000
0x00000000
0x00421aae
0x00421aae
0x00421ab1
0x00421ab1
0x00421ab6
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00421abe
0x00421abe
0x00421ac5
0x00421ad1
0x00421ad4
0x00421ada
0x00421ae1
0x00000000
0x00422302
0x00422302
0x00422302
0x00422302
0x00422306
0x00000000
0x00000000
0x00000000
0x00422306
0x004222bc
0x004222bf
0x004222c2
0x004222c5
0x004222c8
0x004222cb
0x004222d1
0x004222d1
0x004222d1
0x004222d9
0x004222dd
0x00000000
0x00000000
0x004222df
0x004222df
0x004222e2
0x004222e5
0x004222e5
0x004222ea
0x004222ed
0x004222f0
0x004222f3
0x004222f6
0x004222f9
0x004222fc
0x004222fc
0x004222ff
0x00422302
0x00422302
0x00422306
0x00000000
0x00000000
0x00000000
0x00422306
0x00422302
0x00421ae7
0x00421aed
0x00421aed
0x00421af4
0x00000000
0x00421e4e
0x00421e4e
0x00421e55
0x00421e5c
0x00421e5c
0x00421e5f
0x00000000
0x00000000
0x00421afb
0x00421afe
0x00421afe
0x00421b04
0x00421b06
0x00421b09
0x00421b09
0x00421b0e
0x00421b0e
0x00000000
0x00000000
0x00421c3b
0x00421c3e
0x00421c3e
0x00421c43
0x00421c45
0x00421c48
0x00421c48
0x00421c4e
0x00421c4e
0x00000000
0x00000000
0x0042201b
0x0042201b
0x00000000
0x00000000
0x00000000
0x00000000
0x00421e65
0x00421e68
0x00421e6b
0x00421e6e
0x00421e74
0x00421e77
0x00421e7e
0x00421e82
0x00421e8d
0x00421e8d
0x00421e91
0x00421ea8
0x00421ea8
0x00421eaf
0x00421eb1
0x00421eb1
0x00421eb8
0x00421eb8
0x00421ebf
0x00421ed0
0x00421edf
0x00421ee2
0x00421ee6
0x00421efc
0x00421ee8
0x00421ee8
0x00421eeb
0x00421ef1
0x00421ef7
0x00421ef7
0x00421ee6
0x00421f06
0x00421f09
0x00421f0c
0x00421f0f
0x00421f12
0x00421f15
0x00421f1b
0x00421f21
0x00421f29
0x00421f2a
0x00421f2d
0x00421f2e
0x00421f31
0x00421f32
0x00421f39
0x00421f3a
0x00421f3d
0x00421f3e
0x00421f41
0x00421f42
0x00421f48
0x00421f49
0x00421f57
0x00421f59
0x00421f5f
0x00421f5f
0x00421f65
0x00421f67
0x00421f6b
0x00421f6d
0x00421f75
0x00421f76
0x00421f79
0x00421f7a
0x00421f88
0x00421f8a
0x00421f8a
0x00421f6b
0x00421f8d
0x00421f94
0x00421f97
0x00421f9c
0x00421f9c
0x00421fa2
0x00421fa4
0x00421fac
0x00421fad
0x00421fb0
0x00421fb1
0x00421fc0
0x00421fc2
0x00421fc2
0x00421fa2
0x00421fc5
0x00421fc8
0x00421fcb
0x00421fce
0x00421fd3
0x00421fd9
0x00421fdc
0x00421fdf
0x00421fdf
0x00421fe2
0x00421fe2
0x00421fe5
0x00421ff1
0x00000000
0x00421ff1
0x00421e93
0x00421e93
0x00421e9a
0x00421e9d
0x00000000
0x00000000
0x00421e9f
0x00421e9f
0x00000000
0x00421e9f
0x00421e84
0x00421e84
0x00000000
0x00000000
0x00421b11
0x00421b14
0x00421b14
0x00421b1a
0x00421b75
0x00421b7d
0x00421b84
0x00421b8a
0x00421b90
0x00421b1c
0x00421b1c
0x00421b26
0x00421b2a
0x00421b32
0x00421b39
0x00421b46
0x00421b4d
0x00421b59
0x00421b5f
0x00421b66
0x00421b68
0x00421b68
0x00421b6f
0x00421b97
0x00421b9d
0x00422302
0x00422302
0x00422306
0x00000000
0x00000000
0x00000000
0x00422306
0x00000000
0x00000000
0x00421ff9
0x00421ffc
0x00421fff
0x00422002
0x00000000
0x00000000
0x00421d57
0x00421d57
0x00421d63
0x00421d69
0x00421d6e
0x00421d70
0x00421e1a
0x00421e1d
0x00421e1d
0x00421e20
0x00421e34
0x00421e3a
0x00421e40
0x00421e22
0x00421e22
0x00421e2f
0x00421e2f
0x00421e42
0x00422302
0x00422302
0x00422306
0x00000000
0x00000000
0x00000000
0x00422306
0x00422302
0x00421d76
0x00421d76
0x00421d76
0x00421d78
0x00421d86
0x00421d7a
0x00421d7a
0x00421d7a
0x00421d90
0x00421d96
0x00421d9c
0x00421da3
0x00421da5
0x00421daa
0x00421dac
0x00421db1
0x00421db6
0x00421db8
0x00421dbd
0x00421dc0
0x00421dc3
0x00421dc5
0x00421dc5
0x00421dc3
0x00421dc6
0x00421dcd
0x00421e15
0x00422302
0x00422302
0x00422306
0x00000000
0x00000000
0x00000000
0x00422306
0x00421dcf
0x00421dcf
0x00421dd4
0x00421df0
0x00421df8
0x00421e02
0x00421e05
0x00421e0a
0x00000000
0x00421e0a
0x00000000
0x0042205c
0x0042205c
0x00422066
0x00422066
0x0042206c
0x0042206e
0x00422071
0x00422071
0x00422077
0x00422077
0x00000000
0x00000000
0x00422014
0x00422014
0x00000000
0x00000000
0x00421c51
0x00421c51
0x00421c55
0x00421c63
0x00421c66
0x00421c57
0x00421c57
0x00421c57
0x00421c6c
0x00421c72
0x00421c78
0x00421c84
0x00421c8a
0x00421c8a
0x00421c90
0x00421cf7
0x00421cf7
0x00421cfb
0x00421cfd
0x00421d03
0x00421d03
0x00421d06
0x00421d09
0x00421d0f
0x00421d0f
0x00421d0f
0x00421d1b
0x00421d1e
0x00421d24
0x00421d26
0x00000000
0x00000000
0x00421d28
0x00421d28
0x00421d2e
0x00421d31
0x00421d33
0x00000000
0x00000000
0x00421d35
0x00421d3b
0x00421d3e
0x00421d3e
0x00421d46
0x00421d46
0x00421d4c
0x00421d4c
0x00421d4f
0x00000000
0x00421c92
0x00421c92
0x00421c92
0x00421c96
0x00421c98
0x00421c9d
0x00421c9d
0x00421ca0
0x00421ca7
0x00421caa
0x00421cb0
0x00421cb0
0x00421cb0
0x00421cbc
0x00421cbf
0x00421cc5
0x00421cc7
0x00000000
0x00000000
0x00421cc9
0x00421cc9
0x00421ccf
0x00421cd2
0x00421cd4
0x00000000
0x00000000
0x00421cd6
0x00421cdc
0x00421cdf
0x00421cdf
0x00421ce7
0x00421ced
0x00421cf0
0x00421cf2
0x00421d52
0x00422302
0x00422302
0x00422306
0x00000000
0x00000000
0x00000000
0x00422306
0x00422302
0x00000000
0x0042200b
0x0042200b
0x00000000
0x00000000
0x00422027
0x00422027
0x00422031
0x00422031
0x0042203b
0x0042203b
0x00422041
0x00422043
0x0042204d
0x0042204d
0x00422050
0x00422053
0x00422053
0x0042207a
0x0042207d
0x0042207d
0x00422082
0x004220a4
0x004220a4
0x004220aa
0x004220cc
0x004220cc
0x004220cf
0x00422116
0x00422116
0x00422119
0x00422136
0x0042213a
0x00422142
0x00422142
0x00422144
0x0042214a
0x0042211b
0x0042211b
0x0042211f
0x00422127
0x00422128
0x0042212e
0x0042212e
0x004220d1
0x004220d4
0x004220d4
0x004220d7
0x004220f5
0x00422101
0x00422104
0x00422105
0x0042210b
0x004220d9
0x004220d9
0x004220dd
0x004220e5
0x004220e6
0x004220e7
0x004220ed
0x004220ed
0x00422111
0x004220ac
0x004220ac
0x004220b8
0x004220be
0x004220be
0x00422084
0x00422084
0x00422090
0x00422096
0x00422096
0x00422153
0x00422153
0x00422156
0x00422198
0x00422198
0x0042219e
0x004221a4
0x004221aa
0x00000000
0x00422158
0x00422158
0x00422158
0x0042215f
0x00000000
0x00000000
0x00422161
0x00422161
0x0042216c
0x00422172
0x00422174
0x0042217a
0x0042217d
0x0042217f
0x00422185
0x0042218e
0x00422193
0x004221b0
0x004221b3
0x004221b3
0x004221b8
0x004221bd
0x004221bd
0x004221c3
0x004221c5
0x004221cb
0x004221d1
0x004221d1
0x004221da
0x004221da
0x004221c3
0x004221e0
0x004221e4
0x004221f2
0x004221f5
0x004221f8
0x004221ff
0x00422201
0x00422201
0x004221e6
0x004221e6
0x004221e6
0x0042220e
0x0042220e
0x00422214
0x00422216
0x00422216
0x0042221d
0x00422220
0x00422223
0x00422223
0x00422223
0x00422229
0x0042222c
0x0042222f
0x00422231
0x00000000
0x00000000
0x00422233
0x00422239
0x00422239
0x0042223f
0x00000000
0x00000000
0x00422241
0x00422241
0x00422244
0x00422247
0x0042224e
0x00422255
0x0042225d
0x00422263
0x00422266
0x00422269
0x00422270
0x0042227c
0x00422282
0x00422288
0x0042228f
0x00422291
0x00422297
0x00422297
0x0042229d
0x0042229d
0x004222a3
0x004222a6
0x004222ac
0x004222b1
0x004222b4
0x00422223
0x00422223
0x00422229
0x0042222c
0x0042222f
0x00422231
0x00000000
0x00000000
0x00000000
0x00422231
0x00422223
0x00422163
0x00422163
0x0042216a
0x00000000
0x00000000
0x00000000
0x0042216a
0x00000000
0x00422302
0x00422302
0x00422306
0x00000000
0x00000000
0x00000000
0x00422306
0x00000000
0x00000000
0x004218c1
0x004218c4
0x004218c7
0x00000000
0x00000000
0x004218cc
0x004218cf
0x004218d4
0x00000000
0x00000000
0x004218b6
0x004218b6
0x004218b9
0x004218bc
0x00000000
0x00000000
0x004218ab
0x004218ae
0x004218b1
0x00000000
0x00000000
0x004218d9
0x004218d9
0x004218dc
0x004218dc
0x004218df
0x00000000
0x00000000
0x004218e2
0x00000000
0x00000000
0x0042167e
0x00421680
0x0042168e
0x00421682
0x00421682
0x00421682
0x00421698
0x0042169e
0x004216ab
0x004216ad
0x004216b2
0x004216b4
0x004216b9
0x004216be
0x004216c0
0x004216c5
0x004216cb
0x004216cd
0x004216cd
0x004216cb
0x004216ce
0x004216d5
0x00000000
0x004216d7
0x004216dc
0x004216f8
0x00421700
0x0042170d
0x00421712
0x004225d1
0x004225de
0x004225de
0x004216d5
0x00421678
0x0042250d
0x00422514
0x0042252b
0x0042252b
0x00422535
0x00422535
0x0042253b
0x00422548
0x0042254a
0x0042254f
0x00422551
0x00422556
0x0042255b
0x0042255d
0x00422562
0x00422568
0x0042256a
0x0042256a
0x00422568
0x00422572
0x004225bd
0x004225c6
0x004225cb
0x00422574
0x00422579
0x00422595
0x0042259d
0x004225aa
0x004225af
0x004225af
0x00000000
0x00422572
0x00422516
0x0042251d
0x00000000
0x00000000
0x0042251f
0x0042251f
0x00000000
0x0042251f
0x00422302
0x00421bcc
0x00421bcc
0x00421bd2
0x00421bd9
0x00421bde
0x00421be1
0x00000000
0x00421be1

APIs

_get_int_arg.LIBCMTD ref: 00421BA9
_strlen.LIBCMT ref: 00421BD9
_write_multi_char.LIBCMTD ref: 0042237E
_write_string.LIBCMTD ref: 00422399
_write_multi_char.LIBCMTD ref: 004223C5
_wctomb_s.LIBCMTD ref: 00422442

Strings

f:\dd\vctools\crt_bld\self_x86\crt\src\output.c, xrefs: 004216B9, 004216E9
$t@, xrefs: 00421BCC
_output_s_l, xrefs: 004216EE
-, xrefs: 0042231E
("Incorrect format specifier", 0), xrefs: 004216AD, 004216F3

Memory Dump Source

Source File: 00000000.00000002.254379313.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.254298173.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.254460883.0000000000427000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255654257.000000000060A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255687103.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255765961.0000000000635000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_mzQcZawXvh.jbxd

Similarity

API ID: _write_multi_char$_get_int_arg_strlen_wctomb_s_write_string
String ID: $t@$("Incorrect format specifier", 0)$-$_output_s_l$f:\dd\vctools\crt_bld\self_x86\crt\src\output.c
API String ID: 2232461714-1826274018
Opcode ID: 63fb849474a1b14ab00d657b05b96aa36585692f8c4d09d9fa708a823a1b6086
Instruction ID: f99a0ced48311691e25e8a193492f807c8a9687741291efd5154416d5b1f4ffc
Opcode Fuzzy Hash: 63fb849474a1b14ab00d657b05b96aa36585692f8c4d09d9fa708a823a1b6086
Instruction Fuzzy Hash: 11A18D70E012299BDF24DF54DD49BEEB7B0BB88304F5481DAE4096B291D7789E80CF59

Uniqueness

Uniqueness Score: -1.00%

Function 00423424 Relevance: 23.0, APIs: 9, Strings: 4, Instructions: 222
COMMON

Download Yara Rule

C-Code - Quality: 69%

			E00423424(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t482;
				signed int _t484;
				signed int _t487;
				void* _t492;
				signed int _t494;
				void* _t502;
				void* _t520;
				signed int _t524;
				void* _t534;
				signed int _t567;
				signed int _t573;
				void* _t594;
				void* _t595;
				signed int _t596;
				void* _t598;
				void* _t599;

				L0:
				while(1) {
					L0:
					_t595 = __esi;
					_t594 = __edi;
					_t534 = __ebx;
					_t482 = E0041C290(_t596 + 0x14);
					_t599 = _t598 + 4;
					 *((intOrPtr*)(_t596 - 0x474)) = _t482;
					if( *((intOrPtr*)(_t596 - 0x474)) == 0) {
						goto L76;
					}
					L75:
					__ecx =  *(__ebp - 0x474);
					if( *(__ecx + 4) != 0) {
						 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000800;
						if(( *(__ebp - 0x10) & 0x00000800) == 0) {
							 *(__ebp - 0xc) = 0;
							__edx =  *(__ebp - 0x474);
							__eax =  *(__edx + 4);
							 *(__ebp - 4) =  *(__edx + 4);
							__ecx =  *(__ebp - 0x474);
							__edx =  *__ecx;
							 *(__ebp - 0x24) =  *__ecx;
						} else {
							__edx =  *(__ebp - 0x474);
							__eax =  *(__edx + 4);
							 *(__ebp - 4) =  *(__edx + 4);
							__ecx =  *(__ebp - 0x474);
							__eax =  *__ecx;
							asm("cdq");
							 *__ecx - __edx =  *__ecx - __edx >> 1;
							 *(__ebp - 0x24) =  *__ecx - __edx >> 1;
							 *(__ebp - 0xc) = 1;
						}
						L80:
						while(1) {
							L187:
							if( *(_t596 - 0x28) != 0) {
								goto L212;
							}
							L188:
							if(( *(_t596 - 0x10) & 0x00000040) != 0) {
								if(( *(_t596 - 0x10) & 0x00000100) == 0) {
									if(( *(_t596 - 0x10) & 0x00000001) == 0) {
										if(( *(_t596 - 0x10) & 0x00000002) != 0) {
											 *((short*)(_t596 - 0x14)) = 0x20;
											 *(_t596 - 0x1c) = 1;
										}
									} else {
										 *((short*)(_t596 - 0x14)) = 0x2b;
										 *(_t596 - 0x1c) = 1;
									}
								} else {
									 *((short*)(_t596 - 0x14)) = 0x2d;
									 *(_t596 - 0x1c) = 1;
								}
							}
							 *((intOrPtr*)(_t596 - 0x4ac)) =  *((intOrPtr*)(_t596 - 0x18)) -  *(_t596 - 0x24) -  *(_t596 - 0x1c);
							if(( *(_t596 - 0x10) & 0x0000000c) == 0) {
								E00423FF0(0x20,  *((intOrPtr*)(_t596 - 0x4ac)),  *((intOrPtr*)(_t596 + 8)), _t596 - 0x44c);
								_t599 = _t599 + 0x10;
							}
							E00424030( *(_t596 - 0x1c), _t596 - 0x14,  *(_t596 - 0x1c),  *((intOrPtr*)(_t596 + 8)), _t596 - 0x44c);
							_t599 = _t599 + 0x10;
							if(( *(_t596 - 0x10) & 0x00000008) != 0) {
								if(( *(_t596 - 0x10) & 0x00000004) == 0) {
									E00423FF0(0x30,  *((intOrPtr*)(_t596 - 0x4ac)),  *((intOrPtr*)(_t596 + 8)), _t596 - 0x44c);
									_t599 = _t599 + 0x10;
								}
							}
							if( *(_t596 - 0xc) != 0) {
								L208:
								E00424030( *(_t596 - 0x24),  *(_t596 - 4),  *(_t596 - 0x24),  *((intOrPtr*)(_t596 + 8)), _t596 - 0x44c);
								_t599 = _t599 + 0x10;
								goto L209;
							} else {
								L201:
								if( *(_t596 - 0x24) <= 0) {
									goto L208;
								}
								L202:
								 *(_t596 - 0x4b0) =  *(_t596 - 4);
								 *(_t596 - 0x4b4) =  *(_t596 - 0x24);
								while(1) {
									L203:
									 *(_t596 - 0x4b4) =  *(_t596 - 0x4b4) - 1;
									if( *(_t596 - 0x4b4) <= 0) {
										break;
									}
									L204:
									_t520 = E0040D3B0(_t596 - 0x40);
									_t524 = E00419150(_t596 - 0x458,  *(_t596 - 0x4b0),  *((intOrPtr*)( *((intOrPtr*)(E0040D3B0(_t596 - 0x40))) + 0xac)), _t520);
									_t599 = _t599 + 0x10;
									 *(_t596 - 0x4b8) = _t524;
									if( *(_t596 - 0x4b8) > 0) {
										L206:
										E00423F90( *(_t596 - 0x458) & 0x0000ffff,  *((intOrPtr*)(_t596 + 8)), _t596 - 0x44c);
										_t599 = _t599 + 0xc;
										 *(_t596 - 0x4b0) =  *(_t596 - 0x4b0) +  *(_t596 - 0x4b8);
										continue;
									}
									L205:
									 *(_t596 - 0x44c) = 0xffffffff;
									break;
								}
								L207:
								L209:
								if( *(_t596 - 0x44c) >= 0) {
									if(( *(_t596 - 0x10) & 0x00000004) != 0) {
										E00423FF0(0x20,  *((intOrPtr*)(_t596 - 0x4ac)),  *((intOrPtr*)(_t596 + 8)), _t596 - 0x44c);
										_t599 = _t599 + 0x10;
									}
								}
							}
							L212:
							if( *(_t596 - 0x20) != 0) {
								L0040C240( *(_t596 - 0x20), 2);
								_t599 = _t599 + 8;
								 *(_t596 - 0x20) = 0;
							}
							while(1) {
								L214:
								 *(_t596 - 0x454) =  *((intOrPtr*)( *((intOrPtr*)(_t596 + 0xc))));
								_t535 =  *(_t596 - 0x454) & 0x0000ffff;
								 *((intOrPtr*)(_t596 + 0xc)) =  *((intOrPtr*)(_t596 + 0xc)) + 2;
								if(( *(_t596 - 0x454) & 0x0000ffff) == 0 ||  *(_t596 - 0x44c) < 0) {
									break;
								} else {
									if(( *(_t596 - 0x454) & 0x0000ffff) < 0x20 || ( *(_t596 - 0x454) & 0x0000ffff) > 0x78) {
										 *(_t596 - 0x4d8) = 0;
									} else {
										 *(_t596 - 0x4d8) =  *(( *(_t596 - 0x454) & 0x0000ffff) + L"pecifier\", 0)") & 0xf;
									}
								}
								L7:
								 *(_t596 - 0x450) =  *(_t596 - 0x4d8);
								_t573 =  *(_t596 - 0x450) * 9;
								_t494 =  *(_t596 - 0x45c);
								_t543 = ( *(_t573 + _t494 + 0x4083d0) & 0x000000ff) >> 4;
								 *(_t596 - 0x45c) = ( *(_t573 + _t494 + 0x4083d0) & 0x000000ff) >> 4;
								if( *(_t596 - 0x45c) != 8) {
									L16:
									 *(_t596 - 0x4e0) =  *(_t596 - 0x45c);
									if( *(_t596 - 0x4e0) > 7) {
										continue;
									}
									L17:
									switch( *((intOrPtr*)( *(_t596 - 0x4e0) * 4 +  &M00423E84))) {
										case 0:
											L18:
											 *(_t596 - 0xc) = 1;
											E00423F90( *(_t596 - 0x454) & 0x0000ffff,  *((intOrPtr*)(_t596 + 8)), _t596 - 0x44c);
											_t599 = _t599 + 0xc;
											goto L214;
										case 1:
											L19:
											 *(__ebp - 0x2c) = 0;
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x28) = __ecx;
											__edx =  *(__ebp - 0x28);
											 *(__ebp - 0x18) =  *(__ebp - 0x28);
											__eax =  *(__ebp - 0x18);
											 *(__ebp - 0x1c) =  *(__ebp - 0x18);
											 *(__ebp - 0x10) = 0;
											 *(__ebp - 0x30) = 0xffffffff;
											 *(__ebp - 0xc) = 0;
											goto L214;
										case 2:
											L20:
											__ecx =  *(__ebp - 0x454) & 0x0000ffff;
											 *(__ebp - 0x4e4) = __ecx;
											 *(__ebp - 0x4e4) =  *(__ebp - 0x4e4) - 0x20;
											 *(__ebp - 0x4e4) =  *(__ebp - 0x4e4) - 0x20;
											__eflags =  *(__ebp - 0x4e4) - 0x10;
											if( *(__ebp - 0x4e4) > 0x10) {
												goto L27;
											}
											L21:
											_t59 =  *(__ebp - 0x4e4) + 0x423ebc; // 0x498d04
											__ecx =  *_t59 & 0x000000ff;
											switch( *((intOrPtr*)(__ecx * 4 +  &M00423EA4))) {
												case 0:
													goto L24;
												case 1:
													goto L25;
												case 2:
													goto L23;
												case 3:
													goto L22;
												case 4:
													goto L26;
												case 5:
													goto L27;
											}
										case 3:
											L28:
											__ecx =  *(__ebp - 0x454) & 0x0000ffff;
											__eflags = ( *(__ebp - 0x454) & 0x0000ffff) - 0x2a;
											if(( *(__ebp - 0x454) & 0x0000ffff) != 0x2a) {
												__edx =  *(__ebp - 0x18);
												__edx =  *(__ebp - 0x18) * 0xa;
												__eflags = __edx;
												_t83 = ( *(__ebp - 0x454) & 0x0000ffff) - 0x30; // -48
												__ecx = __edx + _t83;
												 *(__ebp - 0x18) = __ecx;
											} else {
												__edx = __ebp + 0x14;
												 *(__ebp - 0x18) = E0041C290(__ebp + 0x14);
												__eflags =  *(__ebp - 0x18);
												if( *(__ebp - 0x18) < 0) {
													__eax =  *(__ebp - 0x10);
													__eax =  *(__ebp - 0x10) | 0x00000004;
													__eflags = __eax;
													 *(__ebp - 0x10) = __eax;
													__ecx =  *(__ebp - 0x18);
													__ecx =  ~( *(__ebp - 0x18));
													 *(__ebp - 0x18) = __ecx;
												}
											}
											L33:
											goto L214;
										case 4:
											L34:
											 *(__ebp - 0x30) = 0;
											goto L214;
										case 5:
											L35:
											__edx =  *(__ebp - 0x454) & 0x0000ffff;
											__eflags = ( *(__ebp - 0x454) & 0x0000ffff) - 0x2a;
											if(( *(__ebp - 0x454) & 0x0000ffff) != 0x2a) {
												__ecx =  *(__ebp - 0x30);
												__ecx =  *(__ebp - 0x30) * 0xa;
												__eflags = __ecx;
												_t94 = ( *(__ebp - 0x454) & 0x0000ffff) - 0x30; // -48
												__eax = __ecx + _t94;
												 *(__ebp - 0x30) = __ecx + _t94;
											} else {
												__eax = __ebp + 0x14;
												 *(__ebp - 0x30) = E0041C290(__ebp + 0x14);
												__eflags =  *(__ebp - 0x30);
												if( *(__ebp - 0x30) < 0) {
													 *(__ebp - 0x30) = 0xffffffff;
												}
											}
											goto L214;
										case 6:
											L41:
											__ecx =  *(__ebp - 0x454) & 0x0000ffff;
											 *(__ebp - 0x4e8) = __ecx;
											 *(__ebp - 0x4e8) =  *(__ebp - 0x4e8) - 0x49;
											 *(__ebp - 0x4e8) =  *(__ebp - 0x4e8) - 0x49;
											__eflags =  *(__ebp - 0x4e8) - 0x2e;
											if( *(__ebp - 0x4e8) > 0x2e) {
												L64:
												goto L214;
											}
											L42:
											_t102 =  *(__ebp - 0x4e8) + 0x423ee4; // 0x36f19003
											__ecx =  *_t102 & 0x000000ff;
											switch( *((intOrPtr*)(__ecx * 4 +  &M00423ED0))) {
												case 0:
													L47:
													__ecx =  *(__ebp + 0xc);
													__edx =  *( *(__ebp + 0xc)) & 0x0000ffff;
													__eflags = ( *( *(__ebp + 0xc)) & 0x0000ffff) - 0x36;
													if(( *( *(__ebp + 0xc)) & 0x0000ffff) != 0x36) {
														L50:
														__ecx =  *(__ebp + 0xc);
														__edx =  *( *(__ebp + 0xc)) & 0x0000ffff;
														__eflags = ( *( *(__ebp + 0xc)) & 0x0000ffff) - 0x33;
														if(( *( *(__ebp + 0xc)) & 0x0000ffff) != 0x33) {
															L53:
															__ecx =  *(__ebp + 0xc);
															__edx =  *__ecx & 0x0000ffff;
															__eflags = ( *__ecx & 0x0000ffff) - 0x64;
															if(( *__ecx & 0x0000ffff) == 0x64) {
																L59:
																L61:
																goto L64;
															}
															L54:
															__eax =  *(__ebp + 0xc);
															__ecx =  *( *(__ebp + 0xc)) & 0x0000ffff;
															__eflags = __ecx - 0x69;
															if(__ecx == 0x69) {
																goto L59;
															}
															L55:
															__edx =  *(__ebp + 0xc);
															__eax =  *( *(__ebp + 0xc)) & 0x0000ffff;
															__eflags = ( *( *(__ebp + 0xc)) & 0x0000ffff) - 0x6f;
															if(( *( *(__ebp + 0xc)) & 0x0000ffff) == 0x6f) {
																goto L59;
															}
															L56:
															__ecx =  *(__ebp + 0xc);
															__edx =  *__ecx & 0x0000ffff;
															__eflags = ( *__ecx & 0x0000ffff) - 0x75;
															if(( *__ecx & 0x0000ffff) == 0x75) {
																goto L59;
															}
															L57:
															__eax =  *(__ebp + 0xc);
															__ecx =  *( *(__ebp + 0xc)) & 0x0000ffff;
															__eflags = __ecx - 0x78;
															if(__ecx == 0x78) {
																goto L59;
															}
															L58:
															__edx =  *(__ebp + 0xc);
															__eax =  *( *(__ebp + 0xc)) & 0x0000ffff;
															__eflags = ( *( *(__ebp + 0xc)) & 0x0000ffff) - 0x58;
															if(( *( *(__ebp + 0xc)) & 0x0000ffff) != 0x58) {
																 *(__ebp - 0x45c) = 0;
																goto L18;
															}
															goto L59;
														}
														L51:
														__eax =  *(__ebp + 0xc);
														__ecx =  *( *(__ebp + 0xc) + 2) & 0x0000ffff;
														__eflags = __ecx - 0x32;
														if(__ecx != 0x32) {
															goto L53;
														} else {
															 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
															 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0xffff7fff;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0xffff7fff;
															goto L61;
														}
													}
													L48:
													__eax =  *(__ebp + 0xc);
													__ecx =  *( *(__ebp + 0xc) + 2) & 0x0000ffff;
													__eflags = __ecx - 0x34;
													if(__ecx != 0x34) {
														goto L50;
													} else {
														 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
														 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00008000;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00008000;
														goto L61;
													}
												case 1:
													L62:
													__ecx =  *(__ebp - 0x10);
													__ecx =  *(__ebp - 0x10) | 0x00000020;
													 *(__ebp - 0x10) = __ecx;
													goto L64;
												case 2:
													L43:
													__edx =  *(__ebp + 0xc);
													__eax =  *( *(__ebp + 0xc)) & 0x0000ffff;
													__eflags = ( *( *(__ebp + 0xc)) & 0x0000ffff) - 0x6c;
													if(( *( *(__ebp + 0xc)) & 0x0000ffff) != 0x6c) {
														__eax =  *(__ebp - 0x10);
														__eax =  *(__ebp - 0x10) | 0x00000010;
														__eflags = __eax;
														 *(__ebp - 0x10) = __eax;
													} else {
														__ecx =  *(__ebp + 0xc);
														__ecx =  *(__ebp + 0xc) + 2;
														 *(__ebp + 0xc) = __ecx;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00001000;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00001000;
													}
													goto L64;
												case 3:
													L63:
													__edx =  *(__ebp - 0x10);
													__edx =  *(__ebp - 0x10) | 0x00000800;
													__eflags = __edx;
													 *(__ebp - 0x10) = __edx;
													goto L64;
												case 4:
													goto L64;
											}
										case 7:
											L65:
											__eax =  *(__ebp - 0x454) & 0x0000ffff;
											 *(__ebp - 0x4ec) =  *(__ebp - 0x454) & 0x0000ffff;
											__ecx =  *(__ebp - 0x4ec);
											__ecx =  *(__ebp - 0x4ec) - 0x41;
											 *(__ebp - 0x4ec) = __ecx;
											__eflags =  *(__ebp - 0x4ec) - 0x37;
											if( *(__ebp - 0x4ec) > 0x37) {
												goto L187;
												do {
													do {
														while(1) {
															L187:
															if( *(_t596 - 0x28) != 0) {
																goto L212;
															}
															goto L188;
														}
														L183:
														__ebp - 0x249 = __ebp - 0x249 -  *(__ebp - 4);
														 *(__ebp - 0x24) = __ebp - 0x249 -  *(__ebp - 4);
														__ecx =  *(__ebp - 4);
														__ecx =  *(__ebp - 4) + 1;
														 *(__ebp - 4) = __ecx;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000200;
														__eflags =  *(__ebp - 0x10) & 0x00000200;
													} while (( *(__ebp - 0x10) & 0x00000200) == 0);
													__eflags =  *(__ebp - 0x24);
													if( *(__ebp - 0x24) == 0) {
														break;
													}
													L185:
													__eax =  *(__ebp - 4);
													__ecx =  *( *(__ebp - 4));
													__eflags = __ecx - 0x30;
												} while (__ecx == 0x30);
												L186:
												 *(__ebp - 4) =  *(__ebp - 4) - 1;
												 *(__ebp - 4) =  *(__ebp - 4) - 1;
												__eax =  *(__ebp - 4);
												 *( *(__ebp - 4)) = 0x30;
												__ecx =  *(__ebp - 0x24);
												__ecx =  *(__ebp - 0x24) + 1;
												__eflags = __ecx;
												 *(__ebp - 0x24) = __ecx;
												while(1) {
													L187:
													if( *(_t596 - 0x28) != 0) {
														goto L212;
													}
													goto L188;
												}
											}
											L66:
											_t143 =  *(__ebp - 0x4ec) + 0x423f50; // 0xcccccc0d
											__eax =  *_t143 & 0x000000ff;
											switch( *((intOrPtr*)(( *_t143 & 0x000000ff) * 4 +  &M00423F14))) {
												case 0:
													L119:
													 *(__ebp - 0x2c) = 1;
													 *(__ebp - 0x454) & 0x0000ffff = ( *(__ebp - 0x454) & 0x0000ffff) + 0x20;
													__eflags = ( *(__ebp - 0x454) & 0x0000ffff) + 0x20;
													 *(__ebp - 0x454) = __ax;
													goto L120;
												case 1:
													L67:
													 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000830;
													__eflags =  *(__ebp - 0x10) & 0x00000830;
													if(( *(__ebp - 0x10) & 0x00000830) == 0) {
														__edx =  *(__ebp - 0x10);
														__edx =  *(__ebp - 0x10) | 0x00000020;
														__eflags = __edx;
														 *(__ebp - 0x10) = __edx;
													}
													goto L69;
												case 2:
													L81:
													 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000830;
													__eflags =  *(__ebp - 0x10) & 0x00000830;
													if(( *(__ebp - 0x10) & 0x00000830) == 0) {
														__ecx =  *(__ebp - 0x10);
														__ecx =  *(__ebp - 0x10) | 0x00000020;
														__eflags = __ecx;
														 *(__ebp - 0x10) = __ecx;
													}
													goto L83;
												case 3:
													L143:
													 *(__ebp - 0x460) = 7;
													goto L145;
												case 4:
													goto L0;
												case 5:
													L120:
													 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000040;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000040;
													__edx = __ebp - 0x448;
													 *(__ebp - 4) = __ebp - 0x448;
													 *(__ebp - 0x44) = 0x200;
													__eflags =  *(__ebp - 0x30);
													if( *(__ebp - 0x30) >= 0) {
														L122:
														__eflags =  *(__ebp - 0x30);
														if( *(__ebp - 0x30) != 0) {
															L125:
															__eflags =  *(__ebp - 0x30) - 0x200;
															if( *(__ebp - 0x30) > 0x200) {
																 *(__ebp - 0x30) = 0x200;
															}
															L127:
															__eflags =  *(__ebp - 0x30) - 0xa3;
															if( *(__ebp - 0x30) > 0xa3) {
																__ecx =  *(__ebp - 0x30);
																__ecx =  *(__ebp - 0x30) + 0x15d;
																 *(__ebp - 0x20) = L0040B5C0( *(__ebp - 0x30) + 0x15d,  *(__ebp - 0x30) + 0x15d, 2, "f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c", 0x6da);
																__eflags =  *(__ebp - 0x20);
																if( *(__ebp - 0x20) == 0) {
																	 *(__ebp - 0x30) = 0xa3;
																} else {
																	__edx =  *(__ebp - 0x20);
																	 *(__ebp - 4) =  *(__ebp - 0x20);
																	 *(__ebp - 0x30) =  *(__ebp - 0x30) + 0x15d;
																	 *(__ebp - 0x44) =  *(__ebp - 0x30) + 0x15d;
																}
															}
															 *(__ebp + 0x14) =  *(__ebp + 0x14) + 8;
															 *(__ebp + 0x14) =  *(__ebp + 0x14) + 8;
															__edx =  *(__ebp + 0x14);
															__eax =  *(__edx - 8);
															__ecx =  *(__edx - 4);
															 *(__ebp - 0x490) =  *(__edx - 8);
															 *(__ebp - 0x48c) =  *(__edx - 4);
															__ecx = __ebp - 0x40;
															_push(E0040D3B0(__ebp - 0x40));
															__edx =  *(__ebp - 0x2c);
															_push( *(__ebp - 0x2c));
															__eax =  *(__ebp - 0x30);
															_push( *(__ebp - 0x30));
															__ecx =  *(__ebp - 0x454);
															_push( *(__ebp - 0x454));
															__edx =  *(__ebp - 0x44);
															_push( *(__ebp - 0x44));
															__eax =  *(__ebp - 4);
															_push( *(__ebp - 4));
															__ecx = __ebp - 0x490;
															_push(__ebp - 0x490);
															__edx =  *0x60b3cc; // 0x7e8c4bdb
															E00410200(__edx) =  *__eax();
															__esp = __esp + 0x1c;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000080;
															__eflags =  *(__ebp - 0x10) & 0x00000080;
															if(( *(__ebp - 0x10) & 0x00000080) != 0) {
																__eflags =  *(__ebp - 0x30);
																if( *(__ebp - 0x30) == 0) {
																	__ecx = __ebp - 0x40;
																	_push(E0040D3B0(__ebp - 0x40));
																	__ecx =  *(__ebp - 4);
																	_push( *(__ebp - 4));
																	__edx =  *0x60b3d8; // 0x7e8c4bdb
																	E00410200(__edx) =  *__eax();
																	__esp = __esp + 8;
																}
															}
															__eax =  *(__ebp - 0x454) & 0x0000ffff;
															__eflags = ( *(__ebp - 0x454) & 0x0000ffff) - 0x67;
															if(( *(__ebp - 0x454) & 0x0000ffff) == 0x67) {
																 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000080;
																__eflags =  *(__ebp - 0x10) & 0x00000080;
																if(( *(__ebp - 0x10) & 0x00000080) == 0) {
																	__ecx = __ebp - 0x40;
																	_push(E0040D3B0(__ebp - 0x40));
																	__edx =  *(__ebp - 4);
																	_push( *(__ebp - 4));
																	__eax =  *0x60b3d4; // 0x7e8c4bdb
																	__eax =  *__eax();
																	__esp = __esp + 8;
																}
															}
															__ecx =  *(__ebp - 4);
															__edx =  *( *(__ebp - 4));
															__eflags =  *( *(__ebp - 4)) - 0x2d;
															if( *( *(__ebp - 4)) == 0x2d) {
																 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000100;
																 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000100;
																__ecx =  *(__ebp - 4);
																__ecx =  *(__ebp - 4) + 1;
																__eflags = __ecx;
																 *(__ebp - 4) = __ecx;
															}
															__edx =  *(__ebp - 4);
															 *(__ebp - 0x24) = E0040DC40( *(__ebp - 4));
															goto L187;
														}
														L123:
														__eax =  *(__ebp - 0x454) & 0x0000ffff;
														__eflags = ( *(__ebp - 0x454) & 0x0000ffff) - 0x67;
														if(( *(__ebp - 0x454) & 0x0000ffff) != 0x67) {
															goto L125;
														}
														L124:
														 *(__ebp - 0x30) = 1;
														goto L127;
													}
													L121:
													 *(__ebp - 0x30) = 6;
													goto L127;
												case 6:
													L69:
													 *(__ebp - 0xc) = 1;
													__ebp + 0x14 = E0041C290(__ebp + 0x14);
													 *(__ebp - 0x458) = __ax;
													__ecx =  *(__ebp - 0x10);
													__ecx =  *(__ebp - 0x10) & 0x00000020;
													__eflags = __ecx;
													if(__ecx == 0) {
														 *(__ebp - 0x448) =  *(__ebp - 0x458);
													} else {
														 *(__ebp - 0x458) & 0x0000ffff =  *(__ebp - 0x458) & 0xff;
														 *(__ebp - 0x470) = __dl;
														 *((char*)(__ebp - 0x46f)) = 0;
														__ecx = __ebp - 0x40;
														__eax = E0040D3B0(__ebp - 0x40);
														__ecx = __ebp - 0x40;
														E0040D3B0(__ebp - 0x40) =  *__eax;
														__ecx =  *(__ebp - 0x448 + 0xac);
														__edx = __ebp - 0x470;
														__eax = __ebp - 0x448;
														__eax = E00419150(__ebp - 0x448, __ebp - 0x470,  *(__ebp - 0x448 + 0xac), __ebp - 0x448);
														__eflags = __eax;
														if(__eax < 0) {
															 *(__ebp - 0x28) = 1;
														}
													}
													__edx = __ebp - 0x448;
													 *(__ebp - 4) = __ebp - 0x448;
													 *(__ebp - 0x24) = 1;
													do {
														L187:
														if( *(_t596 - 0x28) != 0) {
															goto L212;
														}
														goto L188;
													} while ( *(__ebp - 0x4ec) > 0x37);
													goto L66;
												case 7:
													L140:
													 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000040;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000040;
													 *(__ebp - 8) = 0xa;
													goto L150;
												case 8:
													L105:
													__eax = __ebp + 0x14;
													 *(__ebp - 0x484) = E0041C290(__ebp + 0x14);
													__eax = E00420F80();
													__eflags = __eax;
													if(__eax != 0) {
														L115:
														__ecx =  *(__ebp - 0x10);
														__ecx =  *(__ebp - 0x10) & 0x00000020;
														__eflags = __ecx;
														if(__ecx == 0) {
															__ecx =  *(__ebp - 0x484);
															__edx =  *(__ebp - 0x44c);
															 *__ecx =  *(__ebp - 0x44c);
														} else {
															__edx =  *(__ebp - 0x484);
															__ax =  *(__ebp - 0x44c);
															 *( *(__ebp - 0x484)) = __ax;
														}
														 *(__ebp - 0x28) = 1;
														while(1) {
															L187:
															if( *(_t596 - 0x28) != 0) {
																goto L212;
															}
															goto L188;
														}
													}
													L106:
													__ecx = 0;
													__eflags = 0;
													if(0 == 0) {
														 *(__ebp - 0x4f4) = 0;
													} else {
														 *(__ebp - 0x4f4) = 1;
													}
													__edx =  *(__ebp - 0x4f4);
													 *(__ebp - 0x488) =  *(__ebp - 0x4f4);
													__eflags =  *(__ebp - 0x488);
													if( *(__ebp - 0x488) == 0) {
														_push(L"(\"\'n\' format specifier disabled\", 0)");
														_push(0);
														_push(0x695);
														_push(L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c");
														_push(2);
														__eax = L0040E1A0();
														__esp = __esp + 0x14;
														__eflags = __eax - 1;
														if(__eax == 1) {
															asm("int3");
														}
													}
													__eflags =  *(__ebp - 0x488);
													if( *(__ebp - 0x488) != 0) {
														L114:
														while(1) {
															L187:
															if( *(_t596 - 0x28) != 0) {
																goto L212;
															}
															goto L188;
														}
													} else {
														L113:
														 *((intOrPtr*)(L0040EC70(__ecx))) = 0x16;
														__eax = E00411A50(__ebx, __ecx, __edi, __esi, L"(\"\'n\' format specifier disabled\", 0)", L"_woutput_s_l", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c", 0x695, 0);
														 *(__ebp - 0x4cc) = 0xffffffff;
														__ecx = __ebp - 0x40;
														__eax = E0040D380(__ecx);
														__eax =  *(__ebp - 0x4cc);
														goto L225;
													}
												case 9:
													L148:
													 *(__ebp - 8) = 8;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000080;
													__eflags =  *(__ebp - 0x10) & 0x00000080;
													if(( *(__ebp - 0x10) & 0x00000080) != 0) {
														__edx =  *(__ebp - 0x10);
														__edx =  *(__ebp - 0x10) | 0x00000200;
														__eflags = __edx;
														 *(__ebp - 0x10) = __edx;
													}
													goto L150;
												case 0xa:
													L142:
													 *(__ebp - 0x30) = 8;
													goto L143;
												case 0xb:
													L83:
													__eflags =  *(__ebp - 0x30) - 0xffffffff;
													if( *(__ebp - 0x30) != 0xffffffff) {
														__edx =  *(__ebp - 0x30);
														 *(__ebp - 0x4f0) =  *(__ebp - 0x30);
													} else {
														 *(__ebp - 0x4f0) = 0x7fffffff;
													}
													__eax =  *(__ebp - 0x4f0);
													 *(__ebp - 0x47c) =  *(__ebp - 0x4f0);
													__ecx = __ebp + 0x14;
													 *(__ebp - 4) = E0041C290(__ebp + 0x14);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000020;
													__eflags =  *(__ebp - 0x10) & 0x00000020;
													if(( *(__ebp - 0x10) & 0x00000020) == 0) {
														L97:
														__eflags =  *(__ebp - 4);
														if( *(__ebp - 4) == 0) {
															__ecx =  *0x60b4f4; // 0x407414
															 *(__ebp - 4) = __ecx;
														}
														 *(__ebp - 0xc) = 1;
														__edx =  *(__ebp - 4);
														 *(__ebp - 0x480) =  *(__ebp - 4);
														while(1) {
															L100:
															__eax =  *(__ebp - 0x47c);
															__ecx =  *(__ebp - 0x47c);
															__ecx =  *(__ebp - 0x47c) - 1;
															 *(__ebp - 0x47c) = __ecx;
															__eflags =  *(__ebp - 0x47c);
															if( *(__ebp - 0x47c) == 0) {
																break;
															}
															L101:
															__edx =  *(__ebp - 0x480);
															__eax =  *( *(__ebp - 0x480)) & 0x0000ffff;
															__eflags =  *( *(__ebp - 0x480)) & 0x0000ffff;
															if(( *( *(__ebp - 0x480)) & 0x0000ffff) == 0) {
																break;
															}
															L102:
															 *(__ebp - 0x480) =  *(__ebp - 0x480) + 2;
															 *(__ebp - 0x480) =  *(__ebp - 0x480) + 2;
														}
														L103:
														__edx =  *(__ebp - 0x480);
														__edx =  *(__ebp - 0x480) -  *(__ebp - 4);
														__eflags = __edx;
														 *(__ebp - 0x24) = __edx;
														goto L104;
													} else {
														L87:
														__eflags =  *(__ebp - 4);
														if( *(__ebp - 4) == 0) {
															__eax =  *0x60b4f0; // 0x407424
															 *(__ebp - 4) = __eax;
														}
														__ecx =  *(__ebp - 4);
														 *(__ebp - 0x478) = __ecx;
														 *(__ebp - 0x24) = 0;
														while(1) {
															L91:
															__eax =  *(__ebp - 0x24);
															__eflags =  *(__ebp - 0x24) -  *(__ebp - 0x47c);
															if( *(__ebp - 0x24) >=  *(__ebp - 0x47c)) {
																break;
															}
															L92:
															__ecx =  *(__ebp - 0x478);
															__edx =  *__ecx;
															__eflags =  *__ecx;
															if( *__ecx == 0) {
																break;
															}
															L93:
															__ecx = __ebp - 0x40;
															E0040D3B0(__ebp - 0x40) =  *(__ebp - 0x478);
															__ecx =  *( *(__ebp - 0x478)) & 0x000000ff;
															__eax = E00419390( *( *(__ebp - 0x478)) & 0x000000ff,  *(__ebp - 0x478));
															__eflags = __eax;
															if(__eax != 0) {
																__edx =  *(__ebp - 0x478);
																__edx =  *(__ebp - 0x478) + 1;
																__eflags = __edx;
																 *(__ebp - 0x478) = __edx;
															}
															 *(__ebp - 0x478) =  *(__ebp - 0x478) + 1;
															 *(__ebp - 0x478) =  *(__ebp - 0x478) + 1;
															__edx =  *(__ebp - 0x24);
															__edx =  *(__ebp - 0x24) + 1;
															__eflags = __edx;
															 *(__ebp - 0x24) = __edx;
														}
														L96:
														L104:
														while(1) {
															L187:
															if( *(_t596 - 0x28) != 0) {
																goto L212;
															}
															goto L188;
														}
													}
												case 0xc:
													L141:
													 *(__ebp - 8) = 0xa;
													goto L150;
												case 0xd:
													L144:
													 *(__ebp - 0x460) = 0x27;
													L145:
													 *(__ebp - 8) = 0x10;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000080;
													__eflags =  *(__ebp - 0x10) & 0x00000080;
													if(( *(__ebp - 0x10) & 0x00000080) != 0) {
														__edx = 0x30;
														 *((short*)(__ebp - 0x14)) = __dx;
														 *(__ebp - 0x460) =  *(__ebp - 0x460) + 0x51;
														__eflags =  *(__ebp - 0x460) + 0x51;
														 *(__ebp - 0x12) = __ax;
														 *(__ebp - 0x1c) = 2;
													}
													L150:
													 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00008000;
													__eflags =  *(__ebp - 0x10) & 0x00008000;
													if(( *(__ebp - 0x10) & 0x00008000) == 0) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00001000;
														__eflags =  *(__ebp - 0x10) & 0x00001000;
														if(( *(__ebp - 0x10) & 0x00001000) == 0) {
															 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000020;
															__eflags =  *(__ebp - 0x10) & 0x00000020;
															if(( *(__ebp - 0x10) & 0x00000020) == 0) {
																 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000040;
																__eflags =  *(__ebp - 0x10) & 0x00000040;
																if(( *(__ebp - 0x10) & 0x00000040) == 0) {
																	__ecx = __ebp + 0x14;
																	__eax = E0041C290(__ebp + 0x14);
																	__edx = 0;
																	__eflags = 0;
																	 *(__ebp - 0x4a0) = __eax;
																	 *(__ebp - 0x49c) = 0;
																} else {
																	__eax = __ebp + 0x14;
																	__eax = E0041C290(__ebp + 0x14);
																	asm("cdq");
																	 *(__ebp - 0x4a0) = __eax;
																	 *(__ebp - 0x49c) = __edx;
																}
															} else {
																 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000040;
																__eflags =  *(__ebp - 0x10) & 0x00000040;
																if(( *(__ebp - 0x10) & 0x00000040) == 0) {
																	__ecx = __ebp + 0x14;
																	E0041C290(__ebp + 0x14) = __ax & 0x0000ffff;
																	asm("cdq");
																	 *(__ebp - 0x4a0) = __ax & 0x0000ffff;
																	 *(__ebp - 0x49c) = __edx;
																} else {
																	__eax = __ebp + 0x14;
																	__eax = E0041C290(__ebp + 0x14);
																	__ax = __eax;
																	asm("cdq");
																	 *(__ebp - 0x4a0) = __eax;
																	 *(__ebp - 0x49c) = __edx;
																}
															}
														} else {
															__eax = __ebp + 0x14;
															 *(__ebp - 0x4a0) = E0041C2B0(__ebp + 0x14);
															 *(__ebp - 0x49c) = __edx;
														}
													} else {
														__ecx = __ebp + 0x14;
														 *(__ebp - 0x4a0) = E0041C2B0(__ebp + 0x14);
														 *(__ebp - 0x49c) = __edx;
													}
													 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000040;
													__eflags =  *(__ebp - 0x10) & 0x00000040;
													if(( *(__ebp - 0x10) & 0x00000040) == 0) {
														L167:
														__ecx =  *(__ebp - 0x4a0);
														 *(__ebp - 0x4a8) =  *(__ebp - 0x4a0);
														__edx =  *(__ebp - 0x49c);
														 *(__ebp - 0x4a4) =  *(__ebp - 0x49c);
														goto L168;
													} else {
														L163:
														__eflags =  *(__ebp - 0x49c);
														if(__eflags > 0) {
															goto L167;
														}
														L164:
														if(__eflags < 0) {
															L166:
															 *(__ebp - 0x4a0) =  ~( *(__ebp - 0x4a0));
															__edx =  *(__ebp - 0x49c);
															asm("adc edx, 0x0");
															__edx =  ~( *(__ebp - 0x49c));
															 *(__ebp - 0x4a8) =  ~( *(__ebp - 0x4a0));
															 *(__ebp - 0x4a4) =  ~( *(__ebp - 0x49c));
															 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000100;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000100;
															L168:
															 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00008000;
															__eflags =  *(__ebp - 0x10) & 0x00008000;
															if(( *(__ebp - 0x10) & 0x00008000) == 0) {
																 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00001000;
																__eflags =  *(__ebp - 0x10) & 0x00001000;
																if(( *(__ebp - 0x10) & 0x00001000) == 0) {
																	__edx =  *(__ebp - 0x4a8);
																	__eax =  *(__ebp - 0x4a4);
																	__eax =  *(__ebp - 0x4a4) & 0x00000000;
																	__eflags = __eax;
																	 *(__ebp - 0x4a4) = __eax;
																}
															}
															__eflags =  *(__ebp - 0x30);
															if( *(__ebp - 0x30) >= 0) {
																 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0xfffffff7;
																 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0xfffffff7;
																__eflags =  *(__ebp - 0x30) - 0x200;
																if( *(__ebp - 0x30) > 0x200) {
																	 *(__ebp - 0x30) = 0x200;
																}
															} else {
																 *(__ebp - 0x30) = 1;
															}
															 *(__ebp - 0x4a8) =  *(__ebp - 0x4a8) |  *(__ebp - 0x4a4);
															__eflags =  *(__ebp - 0x4a8) |  *(__ebp - 0x4a4);
															if(( *(__ebp - 0x4a8) |  *(__ebp - 0x4a4)) == 0) {
																 *(__ebp - 0x1c) = 0;
															}
															__eax = __ebp - 0x249;
															 *(__ebp - 4) = __ebp - 0x249;
															while(1) {
																L178:
																__ecx =  *(__ebp - 0x30);
																 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
																 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
																__eflags =  *(__ebp - 0x30);
																if( *(__ebp - 0x30) > 0) {
																	goto L180;
																}
																L179:
																 *(__ebp - 0x4a8) =  *(__ebp - 0x4a8) |  *(__ebp - 0x4a4);
																__eflags =  *(__ebp - 0x4a8) |  *(__ebp - 0x4a4);
																if(( *(__ebp - 0x4a8) |  *(__ebp - 0x4a4)) == 0) {
																	goto L183;
																}
																L180:
																__eax =  *(__ebp - 8);
																asm("cdq");
																__ecx =  *(__ebp - 0x4a4);
																__edx =  *(__ebp - 0x4a8);
																__eax = E0041CE40( *(__ebp - 0x4a8),  *(__ebp - 0x4a4),  *(__ebp - 8),  *(__ebp - 0x4a8));
																 *(__ebp - 0x494) = __eax;
																__eax =  *(__ebp - 8);
																asm("cdq");
																__eax =  *(__ebp - 0x4a4);
																__ecx =  *(__ebp - 0x4a8);
																 *(__ebp - 0x4a8) = E0041CDD0( *(__ebp - 0x4a8),  *(__ebp - 0x4a4),  *(__ebp - 8), __edx);
																 *(__ebp - 0x4a4) = __edx;
																__eflags =  *(__ebp - 0x494) - 0x39;
																if( *(__ebp - 0x494) > 0x39) {
																	__edx =  *(__ebp - 0x494);
																	__edx =  *(__ebp - 0x494) +  *(__ebp - 0x460);
																	__eflags = __edx;
																	 *(__ebp - 0x494) = __edx;
																}
																__eax =  *(__ebp - 4);
																 *( *(__ebp - 4)) =  *(__ebp - 0x494);
																 *(__ebp - 4) =  *(__ebp - 4) - 1;
																 *(__ebp - 4) =  *(__ebp - 4) - 1;
																L178:
																__ecx =  *(__ebp - 0x30);
																 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
																 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
																__eflags =  *(__ebp - 0x30);
																if( *(__ebp - 0x30) > 0) {
																	goto L180;
																}
																goto L179;
															}
														}
														L165:
														__eflags =  *(__ebp - 0x4a0);
														if( *(__ebp - 0x4a0) >= 0) {
															goto L167;
														}
														goto L166;
													}
												case 0xe:
													while(1) {
														L187:
														if( *(_t596 - 0x28) != 0) {
															goto L212;
														}
														goto L188;
													}
											}
										case 8:
											L24:
											__ecx =  *(__ebp - 0x10);
											__ecx =  *(__ebp - 0x10) | 0x00000002;
											 *(__ebp - 0x10) = __ecx;
											goto L27;
										case 9:
											L25:
											 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000080;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000080;
											goto L27;
										case 0xa:
											L23:
											 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000001;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000001;
											goto L27;
										case 0xb:
											L22:
											 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000004;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000004;
											goto L27;
										case 0xc:
											L26:
											__eax =  *(__ebp - 0x10);
											__eax =  *(__ebp - 0x10) | 0x00000008;
											__eflags = __eax;
											 *(__ebp - 0x10) = __eax;
											goto L27;
										case 0xd:
											L27:
											goto L214;
									}
								} else {
									_t571 = 0;
									if(0 == 0) {
										 *(_t596 - 0x4dc) = 0;
									} else {
										 *(_t596 - 0x4dc) = 1;
									}
									 *(_t596 - 0x46c) =  *(_t596 - 0x4dc);
									if( *(_t596 - 0x46c) == 0) {
										_push(L"(\"Incorrect format specifier\", 0)");
										_push(0);
										_push(0x460);
										_push(L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c");
										_push(2);
										_t502 = L0040E1A0();
										_t599 = _t599 + 0x14;
										if(_t502 == 1) {
											asm("int3");
										}
									}
									L14:
									if( *(_t596 - 0x46c) != 0) {
										goto L16;
									} else {
										 *((intOrPtr*)(L0040EC70(_t543))) = 0x16;
										E00411A50(_t534, _t543, _t594, _t595, L"(\"Incorrect format specifier\", 0)", L"_woutput_s_l", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c", 0x460, 0);
										 *(_t596 - 0x4c8) = 0xffffffff;
										E0040D380(_t596 - 0x40);
										_t487 =  *(_t596 - 0x4c8);
										L225:
										return E00416CA0(_t487, _t534,  *(_t596 - 0x48) ^ _t596, _t571, _t594, _t595);
									}
								}
							}
							L215:
							if( *(_t596 - 0x45c) == 0) {
								L218:
								 *(_t596 - 0x4f8) = 1;
								L219:
								_t571 =  *(_t596 - 0x4f8);
								 *(_t596 - 0x4bc) =  *(_t596 - 0x4f8);
								if( *(_t596 - 0x4bc) == 0) {
									_push(L"((state == ST_NORMAL) || (state == ST_TYPE))");
									_push(0);
									_push(0x8f5);
									_push(L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c");
									_push(2);
									_t492 = L0040E1A0();
									_t599 = _t599 + 0x14;
									if(_t492 == 1) {
										asm("int3");
									}
								}
								if( *(_t596 - 0x4bc) != 0) {
									 *(_t596 - 0x4d4) =  *(_t596 - 0x44c);
									E0040D380(_t596 - 0x40);
									_t487 =  *(_t596 - 0x4d4);
								} else {
									 *((intOrPtr*)(L0040EC70(_t535))) = 0x16;
									E00411A50(_t534, _t535, _t594, _t595, L"((state == ST_NORMAL) || (state == ST_TYPE))", L"_woutput_s_l", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c", 0x8f5, 0);
									 *(_t596 - 0x4d0) = 0xffffffff;
									E0040D380(_t596 - 0x40);
									_t487 =  *(_t596 - 0x4d0);
								}
								goto L225;
							}
							L216:
							if( *(_t596 - 0x45c) == 7) {
								goto L218;
							}
							L217:
							 *(_t596 - 0x4f8) = 0;
							goto L219;
						}
					}
					L76:
					_t567 =  *0x60b4f0; // 0x407424
					 *(_t596 - 4) = _t567;
					_t484 = E0040DC40( *(_t596 - 4));
					_t599 = _t599 + 4;
					 *(_t596 - 0x24) = _t484;
					goto L80;
				}
			}

0x00423424
0x00423424
0x00423424
0x00423424
0x00423424
0x00423424
0x00423428
0x0042342d
0x00423430
0x0042343d
0x00000000
0x00000000
0x0042343f
0x0042343f
0x00423449
0x00423468
0x0042346e
0x00423496
0x0042349d
0x004234a3
0x004234a6
0x004234a9
0x004234af
0x004234b2
0x00423470
0x00423470
0x00423476
0x00423479
0x0042347c
0x00423482
0x00423485
0x00423488
0x0042348a
0x0042348d
0x0042348d
0x004234b5
0x00423bb0
0x00423bb0
0x00423bb4
0x00000000
0x00000000
0x00423bba
0x00423bc0
0x00423bca
0x00423be4
0x00423bfe
0x00423c05
0x00423c09
0x00423c09
0x00423be6
0x00423beb
0x00423bef
0x00423bef
0x00423bcc
0x00423bd1
0x00423bd5
0x00423bd5
0x00423bca
0x00423c19
0x00423c25
0x00423c3b
0x00423c40
0x00423c40
0x00423c56
0x00423c5b
0x00423c64
0x00423c6c
0x00423c82
0x00423c87
0x00423c87
0x00423c6c
0x00423c8e
0x00423d48
0x00423d5b
0x00423d60
0x00000000
0x00423c94
0x00423c94
0x00423c98
0x00000000
0x00000000
0x00423c9e
0x00423ca1
0x00423caa
0x00423cb0
0x00423cb0
0x00423cbf
0x00423cc7
0x00000000
0x00000000
0x00423cc9
0x00423ccc
0x00423cf1
0x00423cf6
0x00423cf9
0x00423d06
0x00423d14
0x00423d27
0x00423d2c
0x00423d3b
0x00000000
0x00423d3b
0x00423d08
0x00423d08
0x00000000
0x00423d08
0x00423d46
0x00423d63
0x00423d6a
0x00423d72
0x00423d88
0x00423d8d
0x00423d8d
0x00423d72
0x00423d6a
0x00423d90
0x00423d94
0x00423d9c
0x00423da1
0x00423da4
0x00423da4
0x00423dab
0x00423dab
0x00422f2b
0x00422f32
0x00422f3f
0x00422f44
0x00000000
0x00422f57
0x00422f61
0x00422f88
0x00422f6f
0x00422f80
0x00422f80
0x00422f61
0x00422f92
0x00422f98
0x00422fa4
0x00422fa7
0x00422fb5
0x00422fb8
0x00422fc5
0x0042306a
0x00423070
0x0042307d
0x00000000
0x00000000
0x00423083
0x00423089
0x00000000
0x00423090
0x00423090
0x004230aa
0x004230af
0x00000000
0x00000000
0x004230b7
0x004230b7
0x004230be
0x004230c1
0x004230c4
0x004230c7
0x004230ca
0x004230cd
0x004230d0
0x004230d7
0x004230de
0x00000000
0x00000000
0x004230ea
0x004230ea
0x004230f1
0x004230fd
0x00423100
0x00423106
0x0042310d
0x00000000
0x00000000
0x0042310f
0x00423115
0x00423115
0x0042311c
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00423160
0x00423160
0x00423167
0x0042316a
0x00423194
0x00423197
0x00423197
0x004231a1
0x004231a1
0x004231a5
0x0042316c
0x0042316c
0x00423178
0x0042317b
0x0042317f
0x00423181
0x00423184
0x00423184
0x00423187
0x0042318a
0x0042318d
0x0042318f
0x0042318f
0x00423192
0x004231a8
0x00000000
0x00000000
0x004231ad
0x004231ad
0x00000000
0x00000000
0x004231b9
0x004231b9
0x004231c0
0x004231c3
0x004231e3
0x004231e6
0x004231e6
0x004231f0
0x004231f0
0x004231f4
0x004231c5
0x004231c5
0x004231d1
0x004231d4
0x004231d8
0x004231da
0x004231da
0x004231e1
0x00000000
0x00000000
0x004231fc
0x004231fc
0x00423203
0x0042320f
0x00423212
0x00423218
0x0042321f
0x00423332
0x00000000
0x00423332
0x00423225
0x0042322b
0x0042322b
0x00423232
0x00000000
0x00423269
0x00423269
0x0042326c
0x0042326f
0x00423272
0x00423299
0x00423299
0x0042329c
0x0042329f
0x004232a2
0x004232c6
0x004232c6
0x004232c9
0x004232cc
0x004232cf
0x00423308
0x00423319
0x00000000
0x00423319
0x004232d1
0x004232d1
0x004232d4
0x004232d7
0x004232da
0x00000000
0x00000000
0x004232dc
0x004232dc
0x004232df
0x004232e2
0x004232e5
0x00000000
0x00000000
0x004232e7
0x004232e7
0x004232ea
0x004232ed
0x004232f0
0x00000000
0x00000000
0x004232f2
0x004232f2
0x004232f5
0x004232f8
0x004232fb
0x00000000
0x00000000
0x004232fd
0x004232fd
0x00423300
0x00423303
0x00423306
0x0042330a
0x00000000
0x0042330a
0x00000000
0x00423306
0x004232a4
0x004232a4
0x004232a7
0x004232ab
0x004232ae
0x00000000
0x004232b0
0x004232b3
0x004232b6
0x004232bc
0x004232c1
0x00000000
0x004232c1
0x004232ae
0x00423274
0x00423274
0x00423277
0x0042327b
0x0042327e
0x00000000
0x00423280
0x00423283
0x00423286
0x0042328c
0x00423291
0x00000000
0x00423291
0x00000000
0x0042331b
0x0042331b
0x0042331e
0x00423321
0x00000000
0x00000000
0x00423239
0x00423239
0x0042323c
0x0042323f
0x00423242
0x0042325b
0x0042325e
0x0042325e
0x00423261
0x00423244
0x00423244
0x00423247
0x0042324a
0x00423250
0x00423256
0x00423256
0x00000000
0x00000000
0x00423326
0x00423326
0x00423329
0x00423329
0x0042332f
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00423337
0x00423337
0x0042333e
0x00423344
0x0042334a
0x0042334d
0x00423353
0x0042335a
0x00000000
0x00423bb0
0x00423bb0
0x00423bb0
0x00423bb0
0x00423bb4
0x00000000
0x00000000
0x00000000
0x00423bb4
0x00423b67
0x00423b6d
0x00423b70
0x00423b73
0x00423b76
0x00423b79
0x00423b7f
0x00423b7f
0x00423b7f
0x00423b87
0x00423b8b
0x00000000
0x00000000
0x00423b8d
0x00423b8d
0x00423b90
0x00423b93
0x00423b93
0x00423b98
0x00423b9b
0x00423b9e
0x00423ba1
0x00423ba4
0x00423ba7
0x00423baa
0x00423baa
0x00423bad
0x00423bb0
0x00423bb0
0x00423bb4
0x00000000
0x00000000
0x00000000
0x00423bb4
0x00423bb0
0x00423360
0x00423366
0x00423366
0x0042336d
0x00000000
0x004236f1
0x004236f1
0x004236ff
0x004236ff
0x00423702
0x00000000
0x00000000
0x00423374
0x00423377
0x00423377
0x0042337d
0x0042337f
0x00423382
0x00423382
0x00423385
0x00423385
0x00000000
0x00000000
0x004234ba
0x004234bd
0x004234bd
0x004234c2
0x004234c4
0x004234c7
0x004234c7
0x004234ca
0x004234ca
0x00000000
0x00000000
0x004238bd
0x004238bd
0x00000000
0x00000000
0x00000000
0x00000000
0x00423709
0x0042370c
0x0042370f
0x00423712
0x00423718
0x0042371b
0x00423722
0x00423726
0x00423731
0x00423731
0x00423735
0x0042374c
0x0042374c
0x00423753
0x00423755
0x00423755
0x0042375c
0x0042375c
0x00423763
0x00423771
0x00423774
0x00423783
0x00423786
0x0042378a
0x0042379f
0x0042378c
0x0042378c
0x0042378f
0x00423795
0x0042379a
0x0042379a
0x0042378a
0x004237a9
0x004237ac
0x004237af
0x004237b2
0x004237b5
0x004237b8
0x004237be
0x004237c4
0x004237cc
0x004237cd
0x004237d0
0x004237d1
0x004237d4
0x004237d5
0x004237dc
0x004237dd
0x004237e0
0x004237e1
0x004237e4
0x004237e5
0x004237eb
0x004237ec
0x004237fb
0x004237fd
0x00423803
0x00423803
0x00423808
0x0042380a
0x0042380e
0x00423810
0x00423818
0x00423819
0x0042381c
0x0042381d
0x0042382c
0x0042382e
0x0042382e
0x0042380e
0x00423831
0x00423838
0x0042383b
0x00423840
0x00423840
0x00423846
0x00423848
0x00423850
0x00423851
0x00423854
0x00423855
0x00423863
0x00423865
0x00423865
0x00423846
0x00423868
0x0042386b
0x0042386e
0x00423871
0x00423876
0x0042387b
0x0042387e
0x00423881
0x00423881
0x00423884
0x00423884
0x00423887
0x00423893
0x00000000
0x00423893
0x00423737
0x00423737
0x0042373e
0x00423741
0x00000000
0x00000000
0x00423743
0x00423743
0x00000000
0x00423743
0x00423728
0x00423728
0x00000000
0x00000000
0x00423388
0x00423388
0x00423393
0x0042339b
0x004233a2
0x004233a5
0x004233a5
0x004233a8
0x00423408
0x004233aa
0x004233b1
0x004233b7
0x004233bd
0x004233c4
0x004233c7
0x004233cd
0x004233d5
0x004233d7
0x004233de
0x004233e5
0x004233ec
0x004233f4
0x004233f6
0x004233f8
0x004233f8
0x004233ff
0x0042340f
0x00423415
0x00423418
0x00423bb0
0x00423bb0
0x00423bb4
0x00000000
0x00000000
0x00000000
0x00423bb4
0x00000000
0x00000000
0x0042389b
0x0042389e
0x004238a1
0x004238a4
0x00000000
0x00000000
0x004235fa
0x004235fa
0x00423606
0x0042360c
0x00423611
0x00423613
0x004236bd
0x004236bd
0x004236c0
0x004236c0
0x004236c3
0x004236d7
0x004236dd
0x004236e3
0x004236c5
0x004236c5
0x004236cb
0x004236d2
0x004236d2
0x004236e5
0x00423bb0
0x00423bb0
0x00423bb4
0x00000000
0x00000000
0x00000000
0x00423bb4
0x00423bb0
0x00423619
0x00423619
0x00423619
0x0042361b
0x00423629
0x0042361d
0x0042361d
0x0042361d
0x00423633
0x00423639
0x0042363f
0x00423646
0x00423648
0x0042364d
0x0042364f
0x00423654
0x00423659
0x0042365b
0x00423660
0x00423663
0x00423666
0x00423668
0x00423668
0x00423666
0x00423669
0x00423670
0x004236b8
0x00423bb0
0x00423bb0
0x00423bb4
0x00000000
0x00000000
0x00000000
0x00423bb4
0x00423672
0x00423672
0x00423677
0x00423693
0x0042369b
0x004236a5
0x004236a8
0x004236ad
0x00000000
0x004236ad
0x00000000
0x00423904
0x00423904
0x0042390e
0x0042390e
0x00423914
0x00423916
0x00423919
0x00423919
0x0042391f
0x0042391f
0x00000000
0x00000000
0x004238b6
0x004238b6
0x00000000
0x00000000
0x004234cd
0x004234cd
0x004234d1
0x004234df
0x004234e2
0x004234d3
0x004234d3
0x004234d3
0x004234e8
0x004234ee
0x004234f4
0x00423500
0x00423506
0x00423506
0x00423509
0x00423591
0x00423591
0x00423595
0x00423597
0x0042359d
0x0042359d
0x004235a0
0x004235a7
0x004235aa
0x004235b0
0x004235b0
0x004235b0
0x004235b6
0x004235bc
0x004235bf
0x004235c5
0x004235c7
0x00000000
0x00000000
0x004235c9
0x004235c9
0x004235cf
0x004235d2
0x004235d4
0x00000000
0x00000000
0x004235d6
0x004235dc
0x004235df
0x004235df
0x004235e7
0x004235e7
0x004235ed
0x004235ed
0x004235f2
0x00000000
0x0042350f
0x0042350f
0x0042350f
0x00423513
0x00423515
0x0042351a
0x0042351a
0x0042351d
0x00423520
0x00423526
0x00423538
0x00423538
0x00423538
0x0042353b
0x00423541
0x00000000
0x00000000
0x00423543
0x00423543
0x00423549
0x0042354c
0x0042354e
0x00000000
0x00000000
0x00423550
0x00423550
0x00423559
0x0042355f
0x00423563
0x0042356b
0x0042356d
0x0042356f
0x00423575
0x00423575
0x00423578
0x00423578
0x00423584
0x00423587
0x0042352f
0x00423532
0x00423532
0x00423535
0x00423535
0x0042358f
0x004235f5
0x00423bb0
0x00423bb0
0x00423bb4
0x00000000
0x00000000
0x00000000
0x00423bb4
0x00423bb0
0x00000000
0x004238ad
0x004238ad
0x00000000
0x00000000
0x004238c9
0x004238c9
0x004238d3
0x004238d3
0x004238dd
0x004238dd
0x004238e3
0x004238e5
0x004238ea
0x004238f4
0x004238f4
0x004238f7
0x004238fb
0x004238fb
0x00423922
0x00423925
0x00423925
0x0042392a
0x0042394c
0x0042394c
0x00423952
0x00423974
0x00423974
0x00423977
0x004239be
0x004239be
0x004239c1
0x004239de
0x004239e2
0x004239ea
0x004239ea
0x004239ec
0x004239f2
0x004239c3
0x004239c3
0x004239c7
0x004239cf
0x004239d0
0x004239d6
0x004239d6
0x00423979
0x0042397c
0x0042397c
0x0042397f
0x0042399d
0x004239a9
0x004239ac
0x004239ad
0x004239b3
0x00423981
0x00423981
0x00423985
0x0042398d
0x0042398e
0x0042398f
0x00423995
0x00423995
0x004239b9
0x00423954
0x00423954
0x00423960
0x00423966
0x00423966
0x0042392c
0x0042392c
0x00423938
0x0042393e
0x0042393e
0x004239fb
0x004239fb
0x004239fe
0x00423a40
0x00423a40
0x00423a46
0x00423a4c
0x00423a52
0x00000000
0x00423a00
0x00423a00
0x00423a00
0x00423a07
0x00000000
0x00000000
0x00423a09
0x00423a09
0x00423a14
0x00423a1a
0x00423a1c
0x00423a22
0x00423a25
0x00423a27
0x00423a2d
0x00423a36
0x00423a3b
0x00423a58
0x00423a5b
0x00423a5b
0x00423a60
0x00423a65
0x00423a65
0x00423a6b
0x00423a6d
0x00423a73
0x00423a79
0x00423a79
0x00423a82
0x00423a82
0x00423a6b
0x00423a88
0x00423a8c
0x00423a9a
0x00423a9d
0x00423aa0
0x00423aa7
0x00423aa9
0x00423aa9
0x00423a8e
0x00423a8e
0x00423a8e
0x00423ab6
0x00423ab6
0x00423abc
0x00423abe
0x00423abe
0x00423ac5
0x00423acb
0x00423ace
0x00423ace
0x00423ace
0x00423ad4
0x00423ad7
0x00423ada
0x00423adc
0x00000000
0x00000000
0x00423ade
0x00423ae4
0x00423ae4
0x00423aea
0x00000000
0x00000000
0x00423aec
0x00423aec
0x00423aef
0x00423af2
0x00423af9
0x00423b00
0x00423b08
0x00423b0e
0x00423b11
0x00423b14
0x00423b1b
0x00423b27
0x00423b2d
0x00423b33
0x00423b3a
0x00423b3c
0x00423b42
0x00423b42
0x00423b48
0x00423b48
0x00423b4e
0x00423b57
0x00423b5c
0x00423b5f
0x00423ace
0x00423ace
0x00423ad4
0x00423ad7
0x00423ada
0x00423adc
0x00000000
0x00000000
0x00000000
0x00423adc
0x00423ace
0x00423a0b
0x00423a0b
0x00423a12
0x00000000
0x00000000
0x00000000
0x00423a12
0x00000000
0x00423bb0
0x00423bb0
0x00423bb4
0x00000000
0x00000000
0x00000000
0x00423bb4
0x00000000
0x00000000
0x00423139
0x00423139
0x0042313c
0x0042313f
0x00000000
0x00000000
0x00423144
0x00423147
0x0042314d
0x00000000
0x00000000
0x0042312e
0x00423131
0x00423134
0x00000000
0x00000000
0x00423123
0x00423126
0x00423129
0x00000000
0x00000000
0x00423152
0x00423152
0x00423155
0x00423155
0x00423158
0x00000000
0x00000000
0x0042315b
0x00000000
0x00000000
0x00422fcb
0x00422fcb
0x00422fcd
0x00422fdb
0x00422fcf
0x00422fcf
0x00422fcf
0x00422feb
0x00422ff8
0x00422ffa
0x00422fff
0x00423001
0x00423006
0x0042300b
0x0042300d
0x00423012
0x00423018
0x0042301a
0x0042301a
0x00423018
0x0042301b
0x00423022
0x00000000
0x00423024
0x00423029
0x00423045
0x0042304d
0x0042305a
0x0042305f
0x00423e74
0x00423e81
0x00423e81
0x00423022
0x00422fc5
0x00423db0
0x00423db7
0x00423dce
0x00423dce
0x00423dd8
0x00423dd8
0x00423dde
0x00423deb
0x00423ded
0x00423df2
0x00423df4
0x00423df9
0x00423dfe
0x00423e00
0x00423e05
0x00423e0b
0x00423e0d
0x00423e0d
0x00423e0b
0x00423e15
0x00423e60
0x00423e69
0x00423e6e
0x00423e17
0x00423e1c
0x00423e38
0x00423e40
0x00423e4d
0x00423e52
0x00423e52
0x00000000
0x00423e15
0x00423db9
0x00423dc0
0x00000000
0x00000000
0x00423dc2
0x00423dc2
0x00000000
0x00423dc2
0x00423bb0
0x0042344b
0x0042344b
0x00423451
0x00423458
0x0042345d
0x00423460
0x00000000
0x00423460

APIs

_get_int_arg.LIBCMTD ref: 00423428
_strlen.LIBCMT ref: 00423458
_write_multi_char.LIBCMTD ref: 00423C3B
_write_string.LIBCMTD ref: 00423C56
_write_multi_char.LIBCMTD ref: 00423C82
__mbtowc_l.LIBCMTD ref: 00423CF1

Strings

f:\dd\vctools\crt_bld\self_x86\crt\src\output.c, xrefs: 00423006, 00423036
$t@, xrefs: 0042344B
_woutput_s_l, xrefs: 0042303B
("Incorrect format specifier", 0), xrefs: 00422FFA, 00423040

Memory Dump Source

Source File: 00000000.00000002.254379313.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.254298173.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.254460883.0000000000427000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255654257.000000000060A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255687103.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255765961.0000000000635000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_mzQcZawXvh.jbxd

Similarity

API ID: _write_multi_char$__mbtowc_l_get_int_arg_strlen_write_string
String ID: $t@$("Incorrect format specifier", 0)$_woutput_s_l$f:\dd\vctools\crt_bld\self_x86\crt\src\output.c
API String ID: 909868375-2691574542
Opcode ID: b4be556b2a9fa530e28e68b417de5dda2915d2e417a1d3ad4bd2f78f6899f3dd
Instruction ID: 77bcd973a9c62ce4c445181408fd6ce7e09f2eaf3590880502c0f5b89ec6bee2
Opcode Fuzzy Hash: b4be556b2a9fa530e28e68b417de5dda2915d2e417a1d3ad4bd2f78f6899f3dd
Instruction Fuzzy Hash: 07A18FB1E002289BDB24CF55DD81BAEB3B5BB44305F5481DAE6096B281D73CAE84CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0040CB3E Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 179COMMON

Download Yara Rule

APIs

_CheckBytes.LIBCMTD ref: 0040CBBB
_CheckBytes.LIBCMTD ref: 0040CC59
_CheckBytes.LIBCMTD ref: 0040CD02

Strings

HEAP CORRUPTION DETECTED: before %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory before start of heap buffer.Memory allocated at %hs(%d)., xrefs: 0040CBF0
HEAP CORRUPTION DETECTED: on top of Free block at 0x%p.CRT detected that the application wrote to a heap buffer that was freed.Memory allocated at %hs(%d)., xrefs: 0040CD2C
%hs located at 0x%p is %Iu bytes long.Memory allocated at %hs(%d)., xrefs: 0040CDA1
HEAP CORRUPTION DETECTED: after %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory after end of heap buffer.Memory allocated at %hs(%d)., xrefs: 0040CC8E

Memory Dump Source

Source File: 00000000.00000002.254379313.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.254298173.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.254460883.0000000000427000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255654257.000000000060A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255687103.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255765961.0000000000635000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_mzQcZawXvh.jbxd

Similarity

API ID: BytesCheck
String ID: %hs located at 0x%p is %Iu bytes long.Memory allocated at %hs(%d).$HEAP CORRUPTION DETECTED: after %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory after end of heap buffer.Memory allocated at %hs(%d).$HEAP CORRUPTION DETECTED: before %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory before start of heap buffer.Memory allocated at %hs(%d).$HEAP CORRUPTION DETECTED: on top of Free block at 0x%p.CRT detected that the application wrote to a heap buffer that was freed.Memory allocated at %hs(%d).
API String ID: 1653226792-1867057952
Opcode ID: f50d4d1e409459c4dfa9250b754d0939ba2935ea4bad06eb35ed3732ffc45307
Instruction ID: a24e33e754b2874eda48a497af397395c0bc1fde856454d26971f632cbd91872
Opcode Fuzzy Hash: f50d4d1e409459c4dfa9250b754d0939ba2935ea4bad06eb35ed3732ffc45307
Instruction Fuzzy Hash: 14610EB4E00105DBDB18CB84D8D5FBFB7B5AB48304F24822AE515BB3D1D278E842CB69

Uniqueness

Uniqueness Score: -1.00%

Function 0041E154 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 115
COMMON

Download Yara Rule

C-Code - Quality: 59%

			E0041E154(signed int __eax) {
				intOrPtr _t45;
				void* _t50;
				signed int _t54;
				void* _t60;
				signed int _t67;
				signed int _t69;
				signed int _t71;
				signed int _t73;
				signed int _t79;
				void* _t80;
				void* _t81;
				void* _t82;
				void* _t84;
				void* _t85;
				void* _t94;

				_t85 = _t84 + 0x10;
				 *(_t82 - 0xc) = __eax;
				if( *(_t82 - 0xc) != 0xffffffff) {
					_t71 =  *(_t82 - 0xc) + 1;
					 *(_t82 - 0xc) = _t71;
					__eflags =  *(_t82 + 0xc);
					if( *(_t82 + 0xc) == 0) {
						L27:
						__eflags =  *(_t82 + 8);
						if( *(_t82 + 8) != 0) {
							 *( *(_t82 + 8)) =  *(_t82 - 0xc);
						}
						_t45 =  *((intOrPtr*)(_t82 - 4));
						L30:
						return _t45;
					}
					__eflags =  *(_t82 - 0xc) -  *(_t82 + 0x10);
					if( *(_t82 - 0xc) <=  *(_t82 + 0x10)) {
						L26:
						_t73 =  *(_t82 + 0xc) +  *(_t82 - 0xc);
						__eflags = _t73;
						 *((char*)(_t73 - 1)) = 0;
						goto L27;
					}
					__eflags =  *((intOrPtr*)(_t82 + 0x18)) - 0xffffffff;
					if( *((intOrPtr*)(_t82 + 0x18)) == 0xffffffff) {
						L25:
						 *(_t82 - 0xc) =  *(_t82 + 0x10);
						 *((intOrPtr*)(_t82 - 4)) = 0x50;
						goto L26;
					}
					 *( *(_t82 + 0xc)) = 0;
					__eflags =  *(_t82 + 0x10) - 0xffffffff;
					if( *(_t82 + 0x10) != 0xffffffff) {
						__eflags =  *(_t82 + 0x10) - 0x7fffffff;
						if( *(_t82 + 0x10) != 0x7fffffff) {
							__eflags =  *(_t82 + 0x10) - 1;
							if( *(_t82 + 0x10) > 1) {
								__eflags =  *0x60a658 -  *(_t82 + 0x10) - 1; // 0xffffffff
								if(__eflags >= 0) {
									_t67 =  *(_t82 + 0x10) - 1;
									__eflags = _t67;
									 *(_t82 - 0x2c) = _t67;
								} else {
									_t54 =  *0x60a658; // 0xffffffff
									 *(_t82 - 0x2c) = _t54;
								}
								_t71 =  *(_t82 - 0x2c);
								_t52 =  *(_t82 + 0xc) + 1;
								__eflags =  *(_t82 + 0xc) + 1;
								E00412D20(_t80, _t52, 0xfe, _t71);
								_t85 = _t85 + 0xc;
							}
						}
					}
					_t65 =  *(_t82 + 0x10);
					__eflags =  *(_t82 - 0xc) -  *(_t82 + 0x10);
					asm("sbb edx, edx");
					 *(_t82 - 0x18) =  ~_t71;
					if( *(_t82 - 0xc) ==  *(_t82 + 0x10)) {
						_push(L"sizeInBytes > retsize");
						_push(0);
						_push(0x157);
						_push(L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\wcstombs.c");
						_push(2);
						_t50 = L0040E1A0();
						_t85 = _t85 + 0x14;
						__eflags = _t50 - 1;
						if(_t50 == 1) {
							asm("int3");
						}
					}
					__eflags =  *(_t82 - 0x18);
					if( *(_t82 - 0x18) != 0) {
						goto L25;
					} else {
						 *((intOrPtr*)(L0040EC70(_t65))) = 0x22;
						E00411A50(_t60, _t65, _t80, _t81, L"sizeInBytes > retsize", L"_wcstombs_s_l", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\wcstombs.c", 0x157, 0);
						_t45 = 0x22;
						goto L30;
					}
				}
				if( *(_t82 + 0xc) != 0) {
					 *( *(_t82 + 0xc)) = 0;
					if( *(_t82 + 0x10) != 0xffffffff &&  *(_t82 + 0x10) != 0x7fffffff &&  *(_t82 + 0x10) > 1) {
						_t94 =  *0x60a658 -  *(_t82 + 0x10) - 1; // 0xffffffff
						if(_t94 >= 0) {
							_t79 =  *(_t82 + 0x10) - 1;
							__eflags = _t79;
							 *(_t82 - 0x28) = _t79;
						} else {
							_t69 =  *0x60a658; // 0xffffffff
							 *(_t82 - 0x28) = _t69;
						}
						_t61 =  *(_t82 + 0xc) + 1;
						E00412D20(_t80,  *(_t82 + 0xc) + 1, 0xfe,  *(_t82 - 0x28));
					}
				}
				_t45 =  *((intOrPtr*)(L0040EC70(_t61)));
				goto L30;
			}

0x0041e154
0x0041e157
0x0041e15e
0x0041e1ca
0x0041e1cd
0x0041e1d0
0x0041e1d4
0x0041e2c1
0x0041e2c1
0x0041e2c5
0x0041e2cd
0x0041e2cd
0x0041e2cf
0x0041e2d2
0x0041e2d5
0x0041e2d5
0x0041e1dd
0x0041e1e0
0x0041e2b7
0x0041e2ba
0x0041e2ba
0x0041e2bd
0x00000000
0x0041e2bd
0x0041e1e6
0x0041e1ea
0x0041e2aa
0x0041e2ad
0x0041e2b0
0x00000000
0x0041e2b0
0x0041e1f3
0x0041e1f6
0x0041e1fa
0x0041e1fc
0x0041e203
0x0041e205
0x0041e209
0x0041e211
0x0041e217
0x0041e226
0x0041e226
0x0041e229
0x0041e219
0x0041e219
0x0041e21e
0x0041e21e
0x0041e22c
0x0041e238
0x0041e238
0x0041e23c
0x0041e241
0x0041e241
0x0041e209
0x0041e203
0x0041e244
0x0041e247
0x0041e24a
0x0041e24e
0x0041e251
0x0041e253
0x0041e258
0x0041e25a
0x0041e25f
0x0041e264
0x0041e266
0x0041e26b
0x0041e26e
0x0041e271
0x0041e273
0x0041e273
0x0041e271
0x0041e274
0x0041e278
0x00000000
0x0041e27a
0x0041e27f
0x0041e29b
0x0041e2a3
0x00000000
0x0041e2a3
0x0041e278
0x0041e164
0x0041e169
0x0041e170
0x0041e187
0x0041e18d
0x0041e19d
0x0041e19d
0x0041e1a0
0x0041e18f
0x0041e18f
0x0041e195
0x0041e195
0x0041e1af
0x0041e1b3
0x0041e1b8
0x0041e170
0x0041e1c0
0x00000000

APIs

_memset.LIBCMT ref: 0041E1B3
_memset.LIBCMT ref: 0041E23C
__invalid_parameter.LIBCMTD ref: 0041E29B

Strings

sizeInBytes > retsize, xrefs: 0041E253, 0041E296
P, xrefs: 0041E2B0
_wcstombs_s_l, xrefs: 0041E291
f:\dd\vctools\crt_bld\self_x86\crt\src\wcstombs.c, xrefs: 0041E25F, 0041E28C

Memory Dump Source

Source File: 00000000.00000002.254379313.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.254298173.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.254460883.0000000000427000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255654257.000000000060A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255687103.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255765961.0000000000635000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_mzQcZawXvh.jbxd

Similarity

API ID: _memset$__invalid_parameter
String ID: P$_wcstombs_s_l$f:\dd\vctools\crt_bld\self_x86\crt\src\wcstombs.c$sizeInBytes > retsize
API String ID: 2178901135-56445615
Opcode ID: 8315eaa6a44a0fd2ca9c27235469cc1f29bc26d8b860ca5f47152a015c513efb
Instruction ID: e4875fb2adf0fffae21824f7cc3b30243e61e59fa90d6ae01dfe7a491b9f6918
Opcode Fuzzy Hash: 8315eaa6a44a0fd2ca9c27235469cc1f29bc26d8b860ca5f47152a015c513efb
Instruction Fuzzy Hash: BD418D34D04249EBCB14CFAAC845BEE7771BB40314F14866AEC252B3D1C3799991CF49

Uniqueness

Uniqueness Score: -1.00%

Function 0041C5BC Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 112
COMMON

Download Yara Rule

C-Code - Quality: 51%

			E0041C5BC(void* __ecx) {
				signed int _t42;
				signed int _t43;
				signed int _t49;
				void* _t53;
				void* _t58;
				signed int _t75;
				void* _t80;
				void* _t81;
				void* _t82;
				void* _t84;
				void* _t85;

				_t42 = E0041C2F0(_t58, _t80, _t81, E004212D0,  *((intOrPtr*)(_t82 + 8)),  *((intOrPtr*)(_t82 + 0xc)),  *((intOrPtr*)(_t82 + 0x10)),  *((intOrPtr*)(_t82 + 0x14)), __ecx);
				_t85 = _t84 + 0x18;
				 *(_t82 - 4) = _t42;
				if( *(_t82 - 4) < 0) {
					 *((char*)( *((intOrPtr*)(_t82 + 8)))) = 0;
					if( *((intOrPtr*)(_t82 + 0xc)) != 0xffffffff &&  *((intOrPtr*)(_t82 + 0xc)) != 0x7fffffff &&  *((intOrPtr*)(_t82 + 0xc)) > 1) {
						E00412D20(_t80,  *((intOrPtr*)(_t82 + 8)) + 1, 0xfe,  *((intOrPtr*)(_t82 - 0x18)));
						_t85 = _t85 + 0xc;
					}
				}
				if( *(_t82 - 4) != 0xfffffffe) {
					L17:
					__eflags =  *(_t82 - 4);
					if( *(_t82 - 4) >= 0) {
						__eflags =  *((intOrPtr*)(_t82 + 0xc)) - 0xffffffff;
						if( *((intOrPtr*)(_t82 + 0xc)) != 0xffffffff) {
							__eflags =  *((intOrPtr*)(_t82 + 0xc)) - 0x7fffffff;
							if( *((intOrPtr*)(_t82 + 0xc)) != 0x7fffffff) {
								__eflags =  *(_t82 - 4) + 1 -  *((intOrPtr*)(_t82 + 0xc));
								if( *(_t82 - 4) + 1 <  *((intOrPtr*)(_t82 + 0xc))) {
									__eflags =  *0x60a658 -  *((intOrPtr*)(_t82 + 0xc)) -  *(_t82 - 4) + 1; // 0xffffffff
									if(__eflags >= 0) {
										_t75 =  *((intOrPtr*)(_t82 + 0xc)) -  *(_t82 - 4) + 1;
										__eflags = _t75;
										 *(_t82 - 0x20) = _t75;
									} else {
										_t49 =  *0x60a658; // 0xffffffff
										 *(_t82 - 0x20) = _t49;
									}
									E00412D20(_t80,  *((intOrPtr*)(_t82 + 8)) +  *(_t82 - 4) + 1, 0xfe,  *(_t82 - 0x20));
								}
							}
						}
					}
					_t43 =  *(_t82 - 4);
					L26:
					return _t43;
				}
				if(0 == 0) {
					 *((intOrPtr*)(_t82 - 0x1c)) = 0;
				} else {
					 *((intOrPtr*)(_t82 - 0x1c)) = 1;
				}
				_t66 =  *((intOrPtr*)(_t82 - 0x1c));
				 *((intOrPtr*)(_t82 - 0x10)) =  *((intOrPtr*)(_t82 - 0x1c));
				if( *((intOrPtr*)(_t82 - 0x10)) == 0) {
					_push(L"(\"Buffer too small\", 0)");
					_push(0);
					_push(0xf4);
					_push(L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\vsprintf.c");
					_push(2);
					_t53 = L0040E1A0();
					_t85 = _t85 + 0x14;
					if(_t53 == 1) {
						asm("int3");
					}
				}
				if( *((intOrPtr*)(_t82 - 0x10)) != 0) {
					goto L17;
				} else {
					 *((intOrPtr*)(L0040EC70(_t66))) = 0x22;
					_t43 = E00411A50(_t58, _t66, _t80, _t81, L"(\"Buffer too small\", 0)", L"_vsprintf_s_l", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\vsprintf.c", 0xf4, 0) | 0xffffffff;
					goto L26;
				}
			}

0x0041c5d2
0x0041c5d7
0x0041c5da
0x0041c5e1
0x0041c5e6
0x0041c5ed
0x0041c630
0x0041c635
0x0041c635
0x0041c5ed
0x0041c63c
0x0041c6b3
0x0041c6b3
0x0041c6b7
0x0041c6b9
0x0041c6bd
0x0041c6bf
0x0041c6c6
0x0041c6ce
0x0041c6d1
0x0041c6de
0x0041c6e4
0x0041c6f9
0x0041c6f9
0x0041c6fb
0x0041c6e6
0x0041c6e6
0x0041c6eb
0x0041c6eb
0x0041c712
0x0041c717
0x0041c6d1
0x0041c6c6
0x0041c6bd
0x0041c71a
0x0041c71d
0x0041c720
0x0041c720
0x0041c640
0x0041c64b
0x0041c642
0x0041c642
0x0041c642
0x0041c652
0x0041c655
0x0041c65c
0x0041c65e
0x0041c663
0x0041c665
0x0041c66a
0x0041c66f
0x0041c671
0x0041c676
0x0041c67c
0x0041c67e
0x0041c67e
0x0041c67c
0x0041c683
0x00000000
0x0041c685
0x0041c68a
0x0041c6ae
0x00000000
0x0041c6ae

APIs

__vsnprintf_helper.LIBCMTD ref: 0041C5D2

Part of subcall function 0041C2F0: __invalid_parameter.LIBCMTD ref: 0041C352

_memset.LIBCMT ref: 0041C630
__invalid_parameter.LIBCMTD ref: 0041C6A6
_memset.LIBCMT ref: 0041C712

Strings

_vsprintf_s_l, xrefs: 0041C69C
f:\dd\vctools\crt_bld\self_x86\crt\src\vsprintf.c, xrefs: 0041C66A, 0041C697
("Buffer too small", 0), xrefs: 0041C65E, 0041C6A1

Memory Dump Source

Source File: 00000000.00000002.254379313.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.254298173.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.254460883.0000000000427000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255654257.000000000060A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255687103.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255765961.0000000000635000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_mzQcZawXvh.jbxd

Similarity

API ID: __invalid_parameter_memset$__vsnprintf_helper
String ID: ("Buffer too small", 0)$_vsprintf_s_l$f:\dd\vctools\crt_bld\self_x86\crt\src\vsprintf.c
API String ID: 1595796382-1462273229
Opcode ID: 592c0f48f954fb9ebe11dfddf1b362e9e872a25f08b95c8ecc3bfe96cadff3c0
Instruction ID: e5aabb48354373db1f95fa7001bc490cd7160857c309ed050542804df0600054
Opcode Fuzzy Hash: 592c0f48f954fb9ebe11dfddf1b362e9e872a25f08b95c8ecc3bfe96cadff3c0
Instruction Fuzzy Hash: A941A730D80209EFCF14CF58CD81BEE7371AB44328F20962AE429672D1D7799A81CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0040D6F7 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 81
COMMON

Download Yara Rule

C-Code - Quality: 90%

			E0040D6F7() {
				intOrPtr _t54;
				void* _t61;
				intOrPtr _t68;
				void* _t70;
				void* _t98;
				void* _t99;
				signed int _t100;
				void* _t102;
				void* _t105;

				L0:
				while(1) {
					L0:
					 *(_t100 - 4) =  *(_t100 - 4) + 1;
					if( *((intOrPtr*)( *((intOrPtr*)(_t100 + 0xc)) + 0x10)) >= 0x10) {
						 *((intOrPtr*)(_t100 - 0x6c)) = 0x10;
					} else {
						_t6 =  *((intOrPtr*)(_t100 + 0xc)) + 0x10; // 0x2
						 *((intOrPtr*)(_t100 - 0x6c)) =  *_t6;
					}
					if( *(_t100 - 4) >=  *((intOrPtr*)(_t100 - 0x6c))) {
						break;
					}
					L5:
					 *(_t100 - 0x61) =  *((intOrPtr*)( *((intOrPtr*)(_t100 + 0xc)) +  *(_t100 - 4) + 0x20));
					if(E0040D3B0(_t100 - 0x60) == 0 ||  *((intOrPtr*)( *((intOrPtr*)(E0040D3B0(_t100 - 0x60))) + 0xac)) <= 1) {
						_t54 = E00416AD0(E0040D3B0(_t100 - 0x60),  *(_t100 - 0x61) & 0x000000ff, 0x157);
						_t105 = _t102 + 0xc;
						 *((intOrPtr*)(_t100 - 0x70)) = _t54;
					} else {
						_t68 = E00416B80( *(_t100 - 0x61) & 0x000000ff, 0x157, E0040D3B0(_t100 - 0x60));
						_t105 = _t102 + 0xc;
						 *((intOrPtr*)(_t100 - 0x70)) = _t68;
					}
					if( *((intOrPtr*)(_t100 - 0x70)) == 0) {
						 *(_t100 - 0x74) = 0x20;
					} else {
						 *(_t100 - 0x74) =  *(_t100 - 0x61) & 0x000000ff;
					}
					 *((char*)(_t100 +  *(_t100 - 4) - 0x50)) =  *(_t100 - 0x74);
					 *((intOrPtr*)(_t100 - 0x68)) =  *((intOrPtr*)(L0040EC70( *(_t100 - 0x74))));
					 *((intOrPtr*)(L0040EC70( *(_t100 - 0x74)))) = 0;
					_t84 = _t100 +  *(_t100 - 4) * 3 - 0x3c;
					_t61 = E00416A70(_t100 +  *(_t100 - 4) * 3 - 0x3c, _t100 +  *(_t100 - 4) * 3 - 0x3c, 0x31 -  *(_t100 - 4) * 3, "%.2X ",  *(_t100 - 0x61) & 0x000000ff);
					_t102 = _t105 + 0x10;
					if(_t61 < 0) {
						E0040D870( *((intOrPtr*)(L0040EC70(_t84))), 0x16, 0x22, L"(*_errno())", L"_printMemBlockData", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\dbgheap.c", 0x963, 0);
						_t102 = _t102 + 0x20;
					}
					 *((intOrPtr*)(L0040EC70(_t84))) =  *((intOrPtr*)(_t100 - 0x68));
				}
				L15:
				_t91 =  *(_t100 - 4);
				 *((char*)(_t100 +  *(_t100 - 4) - 0x50)) = 0;
				_push(_t100 - 0x3c);
				if(L00412F90(0, 0, 0, 0, " Data: <%s> %s\n", _t100 - 0x50) == 1) {
					asm("int3");
				}
				return E00416CA0(E0040D380(_t100 - 0x60), _t70,  *(_t100 - 8) ^ _t100, _t91, _t98, _t99);
			}

0x0040d6f7
0x0040d6f7
0x0040d6f7
0x0040d6fd
0x0040d707
0x0040d714
0x0040d709
0x0040d70c
0x0040d70f
0x0040d70f
0x0040d721
0x00000000
0x00000000
0x0040d727
0x0040d730
0x0040d73d
0x0040d785
0x0040d78a
0x0040d78d
0x0040d752
0x0040d765
0x0040d76a
0x0040d76d
0x0040d76d
0x0040d794
0x0040d79f
0x0040d796
0x0040d79a
0x0040d79a
0x0040d7ac
0x0040d7b7
0x0040d7bf
0x0040d7e3
0x0040d7e8
0x0040d7ed
0x0040d7f2
0x0040d816
0x0040d81b
0x0040d81b
0x0040d826
0x0040d826
0x0040d82d
0x0040d82d
0x0040d830
0x0040d838
0x0040d855
0x0040d857
0x0040d857
0x0040d86d

APIs

__isctype_l.LIBCMTD ref: 0040D765
_swprintf_s.LIBCMTD ref: 0040D7E8
__invoke_watson_if_oneof.LIBCMTD ref: 0040D816

Strings

(*_errno()), xrefs: 0040D805
f:\dd\vctools\crt_bld\self_x86\crt\src\dbgheap.c, xrefs: 0040D7FB
_printMemBlockData, xrefs: 0040D800
%.2X , xrefs: 0040D7CA

Memory Dump Source

Source File: 00000000.00000002.254379313.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.254298173.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.254460883.0000000000427000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255654257.000000000060A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255687103.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255765961.0000000000635000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_mzQcZawXvh.jbxd

Similarity

API ID: __invoke_watson_if_oneof__isctype_l_swprintf_s
String ID: %.2X $(*_errno())$_printMemBlockData$f:\dd\vctools\crt_bld\self_x86\crt\src\dbgheap.c
API String ID: 4289034949-3158630120
Opcode ID: 5f0ac36ceeaa4a52c2639f137b35c6f91630ce61040580c83f2f3a84afd0a49b
Instruction ID: 0888166730624ae36cbb73fe55a1293b98df662e115287c871ec7ba7ae839a39
Opcode Fuzzy Hash: 5f0ac36ceeaa4a52c2639f137b35c6f91630ce61040580c83f2f3a84afd0a49b
Instruction Fuzzy Hash: CF317E74E04208DFDB08DBA5C952AAEB7B1AF46304F20857AE4157F2D2D7389E09DB58

Uniqueness

Uniqueness Score: -1.00%

Function 00412A41 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 69fileCOMMON

Download Yara Rule

APIs

__set_error_mode.LIBCMTD ref: 00412AA8
__set_error_mode.LIBCMTD ref: 00412AB7
GetStdHandle.KERNEL32(000000F4), ref: 00412ACE
_strlen.LIBCMT ref: 00412AF4
WriteFile.KERNEL32(000000FF,00000000,00000000,00000000), ref: 00412B0C

Strings

jjj, xrefs: 00412A90
t/j, xrefs: 00412AE1

Memory Dump Source

Source File: 00000000.00000002.254379313.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.254298173.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.254460883.0000000000427000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255654257.000000000060A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255687103.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255765961.0000000000635000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_mzQcZawXvh.jbxd

Similarity

API ID: __set_error_mode$FileHandleWrite_strlen
String ID: jjj$t/j
API String ID: 1121076223-194299851
Opcode ID: b4b10aa391df210e662528c2061c1ebacd69fff887b571a758ba531e34fb1c79
Instruction ID: 5b11549a8f7628142caafa2ff959c02f517003328170dd5f0f9d0230ec78de6c
Opcode Fuzzy Hash: b4b10aa391df210e662528c2061c1ebacd69fff887b571a758ba531e34fb1c79
Instruction Fuzzy Hash: F721C470940204FFEF24CF84EA45BDE3375AF54754F14415AE405E2291D3B9AFA1DA8A

Uniqueness

Uniqueness Score: -1.00%

Function 00422027 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 104
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E00422027(void* __ebx, void* __edi, void* __esi) {
				signed int _t499;
				void* _t504;
				signed int _t506;
				void* _t526;
				void* _t528;
				signed int _t536;
				void* _t555;
				void* _t556;
				signed int _t557;
				void* _t559;

				L0:
				while(1) {
					L0:
					_t556 = __esi;
					_t555 = __edi;
					_t528 = __ebx;
					 *((intOrPtr*)(_t557 - 0x260)) = 0x27;
					while(1) {
						L148:
						 *(__ebp - 8) = 0x10;
						 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000080;
						__eflags =  *(__ebp - 0x10) & 0x00000080;
						if(( *(__ebp - 0x10) & 0x00000080) != 0) {
							 *(__ebp - 0x14) = 0x30;
							 *(__ebp - 0x260) =  *(__ebp - 0x260) + 0x51;
							__eflags =  *(__ebp - 0x260) + 0x51;
							 *((char*)(__ebp - 0x13)) = __al;
							 *(__ebp - 0x1c) = 2;
						}
						while(1) {
							L153:
							 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00008000;
							__eflags =  *(__ebp - 0x10) & 0x00008000;
							if(( *(__ebp - 0x10) & 0x00008000) == 0) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00001000;
								__eflags =  *(__ebp - 0x10) & 0x00001000;
								if(( *(__ebp - 0x10) & 0x00001000) == 0) {
									 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000020;
									__eflags =  *(__ebp - 0x10) & 0x00000020;
									if(( *(__ebp - 0x10) & 0x00000020) == 0) {
										 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000040;
										__eflags =  *(__ebp - 0x10) & 0x00000040;
										if(( *(__ebp - 0x10) & 0x00000040) == 0) {
											__ecx = __ebp + 0x14;
											__eax = E0041C290(__ebp + 0x14);
											__edx = 0;
											__eflags = 0;
											 *(__ebp - 0x2b8) = __eax;
											 *(__ebp - 0x2b4) = 0;
										} else {
											__eax = __ebp + 0x14;
											__eax = E0041C290(__ebp + 0x14);
											asm("cdq");
											 *(__ebp - 0x2b8) = __eax;
											 *(__ebp - 0x2b4) = __edx;
										}
									} else {
										 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000040;
										__eflags =  *(__ebp - 0x10) & 0x00000040;
										if(( *(__ebp - 0x10) & 0x00000040) == 0) {
											__ecx = __ebp + 0x14;
											E0041C290(__ebp + 0x14) = __ax & 0x0000ffff;
											asm("cdq");
											 *(__ebp - 0x2b8) = __ax & 0x0000ffff;
											 *(__ebp - 0x2b4) = __edx;
										} else {
											__eax = __ebp + 0x14;
											__eax = E0041C290(__ebp + 0x14);
											__ax = __eax;
											asm("cdq");
											 *(__ebp - 0x2b8) = __eax;
											 *(__ebp - 0x2b4) = __edx;
										}
									}
								} else {
									__eax = __ebp + 0x14;
									 *(__ebp - 0x2b8) = E0041C2B0(__ebp + 0x14);
									 *(__ebp - 0x2b4) = __edx;
								}
							} else {
								__ecx = __ebp + 0x14;
								 *(__ebp - 0x2b8) = E0041C2B0(__ebp + 0x14);
								 *(__ebp - 0x2b4) = __edx;
							}
							 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000040;
							__eflags =  *(__ebp - 0x10) & 0x00000040;
							if(( *(__ebp - 0x10) & 0x00000040) == 0) {
								goto L170;
							}
							L166:
							__eflags =  *(__ebp - 0x2b4);
							if(__eflags > 0) {
								goto L170;
							}
							L167:
							if(__eflags < 0) {
								L169:
								 *(__ebp - 0x2b8) =  ~( *(__ebp - 0x2b8));
								__edx =  *(__ebp - 0x2b4);
								asm("adc edx, 0x0");
								__edx =  ~( *(__ebp - 0x2b4));
								 *(__ebp - 0x2c0) =  ~( *(__ebp - 0x2b8));
								 *(__ebp - 0x2bc) =  ~( *(__ebp - 0x2b4));
								 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000100;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000100;
								L171:
								 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00008000;
								__eflags =  *(__ebp - 0x10) & 0x00008000;
								if(( *(__ebp - 0x10) & 0x00008000) == 0) {
									 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00001000;
									__eflags =  *(__ebp - 0x10) & 0x00001000;
									if(( *(__ebp - 0x10) & 0x00001000) == 0) {
										__edx =  *(__ebp - 0x2c0);
										__eax =  *(__ebp - 0x2bc);
										__eax =  *(__ebp - 0x2bc) & 0x00000000;
										__eflags = __eax;
										 *(__ebp - 0x2bc) = __eax;
									}
								}
								__eflags =  *(__ebp - 0x30);
								if( *(__ebp - 0x30) >= 0) {
									 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0xfffffff7;
									 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0xfffffff7;
									__eflags =  *(__ebp - 0x30) - 0x200;
									if( *(__ebp - 0x30) > 0x200) {
										 *(__ebp - 0x30) = 0x200;
									}
								} else {
									 *(__ebp - 0x30) = 1;
								}
								 *(__ebp - 0x2c0) =  *(__ebp - 0x2c0) |  *(__ebp - 0x2bc);
								__eflags =  *(__ebp - 0x2c0) |  *(__ebp - 0x2bc);
								if(( *(__ebp - 0x2c0) |  *(__ebp - 0x2bc)) == 0) {
									 *(__ebp - 0x1c) = 0;
								}
								__eax = __ebp - 0x49;
								 *(__ebp - 4) = __ebp - 0x49;
								while(1) {
									L181:
									__ecx =  *(__ebp - 0x30);
									 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
									 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
									__eflags =  *(__ebp - 0x30);
									if( *(__ebp - 0x30) > 0) {
										goto L183;
									}
									L182:
									 *(__ebp - 0x2c0) =  *(__ebp - 0x2c0) |  *(__ebp - 0x2bc);
									__eflags =  *(__ebp - 0x2c0) |  *(__ebp - 0x2bc);
									if(( *(__ebp - 0x2c0) |  *(__ebp - 0x2bc)) == 0) {
										L186:
										__ebp - 0x49 = __ebp - 0x49 -  *(__ebp - 4);
										 *(__ebp - 0x24) = __ebp - 0x49 -  *(__ebp - 4);
										__ecx =  *(__ebp - 4);
										__ecx =  *(__ebp - 4) + 1;
										 *(__ebp - 4) = __ecx;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000200;
										__eflags =  *(__ebp - 0x10) & 0x00000200;
										if(( *(__ebp - 0x10) & 0x00000200) == 0) {
											while(1) {
												L190:
												__eflags =  *(__ebp - 0x28);
												if( *(__ebp - 0x28) != 0) {
													goto L216;
												}
												L191:
												 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000040;
												__eflags =  *(__ebp - 0x10) & 0x00000040;
												if(( *(__ebp - 0x10) & 0x00000040) != 0) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000100;
													__eflags =  *(__ebp - 0x10) & 0x00000100;
													if(( *(__ebp - 0x10) & 0x00000100) == 0) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000001;
														__eflags =  *(__ebp - 0x10) & 0x00000001;
														if(( *(__ebp - 0x10) & 0x00000001) == 0) {
															 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000002;
															__eflags =  *(__ebp - 0x10) & 0x00000002;
															if(( *(__ebp - 0x10) & 0x00000002) != 0) {
																 *(__ebp - 0x14) = 0x20;
																 *(__ebp - 0x1c) = 1;
															}
														} else {
															 *(__ebp - 0x14) = 0x2b;
															 *(__ebp - 0x1c) = 1;
														}
													} else {
														 *(__ebp - 0x14) = 0x2d;
														 *(__ebp - 0x1c) = 1;
													}
												}
												 *(__ebp - 0x18) =  *(__ebp - 0x18) -  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x18) -  *(__ebp - 0x24) -  *(__ebp - 0x1c);
												 *(__ebp - 0x2c4) =  *(__ebp - 0x18) -  *(__ebp - 0x24) -  *(__ebp - 0x1c);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x0000000c;
												__eflags =  *(__ebp - 0x10) & 0x0000000c;
												if(( *(__ebp - 0x10) & 0x0000000c) == 0) {
													__edx = __ebp - 0x24c;
													__eax =  *(__ebp + 8);
													__ecx =  *(__ebp - 0x2c4);
													__eax = E00422790(0x20,  *(__ebp - 0x2c4),  *(__ebp + 8), __ebp - 0x24c);
												}
												__edx = __ebp - 0x24c;
												__eax =  *(__ebp + 8);
												__ecx =  *(__ebp - 0x1c);
												__edx = __ebp - 0x14;
												E004227D0( *(__ebp - 0x1c), __ebp - 0x14,  *(__ebp - 0x1c),  *(__ebp + 8), __ebp - 0x24c) =  *(__ebp - 0x10);
												__eax =  *(__ebp - 0x10) & 0x00000008;
												__eflags =  *(__ebp - 0x10) & 0x00000008;
												if(( *(__ebp - 0x10) & 0x00000008) != 0) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000004;
													__eflags =  *(__ebp - 0x10) & 0x00000004;
													if(( *(__ebp - 0x10) & 0x00000004) == 0) {
														__edx = __ebp - 0x24c;
														__eax =  *(__ebp + 8);
														__ecx =  *(__ebp - 0x2c4);
														__eax = E00422790(0x30,  *(__ebp - 0x2c4),  *(__ebp + 8), __ebp - 0x24c);
													}
												}
												__eflags =  *(__ebp - 0xc);
												if( *(__ebp - 0xc) == 0) {
													L212:
													__ecx = __ebp - 0x24c;
													__edx =  *(__ebp + 8);
													__eax =  *(__ebp - 0x24);
													__ecx =  *(__ebp - 4);
													__eax = E004227D0(__ecx, __ecx,  *(__ebp - 0x24),  *(__ebp + 8), __ebp - 0x24c);
													goto L213;
												} else {
													L204:
													__eflags =  *(__ebp - 0x24);
													if( *(__ebp - 0x24) <= 0) {
														goto L212;
													}
													L205:
													 *(__ebp - 0x2dc) = 0;
													__edx =  *(__ebp - 4);
													 *(__ebp - 0x2c8) =  *(__ebp - 4);
													__eax =  *(__ebp - 0x24);
													 *(__ebp - 0x2cc) =  *(__ebp - 0x24);
													while(1) {
														L206:
														__ecx =  *(__ebp - 0x2cc);
														 *(__ebp - 0x2cc) =  *(__ebp - 0x2cc) - 1;
														 *(__ebp - 0x2cc) =  *(__ebp - 0x2cc) - 1;
														__eflags = __ecx;
														if(__ecx == 0) {
															break;
														}
														L207:
														__eax =  *(__ebp - 0x2c8);
														 *(__ebp - 0x32e) =  *( *(__ebp - 0x2c8));
														__edx =  *(__ebp - 0x32e) & 0x0000ffff;
														__eax = __ebp - 0x2d8;
														__ecx = __ebp - 0x2d0;
														 *(__ebp - 0x2dc) = E004212A0(__ebp - 0x2d0, __ebp - 0x2d8, 6,  *(__ebp - 0x32e) & 0x0000ffff);
														 *(__ebp - 0x2c8) =  *(__ebp - 0x2c8) + 2;
														 *(__ebp - 0x2c8) =  *(__ebp - 0x2c8) + 2;
														__eflags =  *(__ebp - 0x2dc);
														if( *(__ebp - 0x2dc) != 0) {
															L209:
															 *(__ebp - 0x24c) = 0xffffffff;
															break;
														}
														L208:
														__eflags =  *(__ebp - 0x2d0);
														if( *(__ebp - 0x2d0) != 0) {
															L210:
															__eax = __ebp - 0x24c;
															__ecx =  *(__ebp + 8);
															__edx =  *(__ebp - 0x2d0);
															__ebp - 0x2d8 = E004227D0( *(__ebp + 8), __ebp - 0x2d8,  *(__ebp - 0x2d0),  *(__ebp + 8), __ebp - 0x24c);
															continue;
														}
														goto L209;
													}
													L211:
													L213:
													__eflags =  *(__ebp - 0x24c);
													if( *(__ebp - 0x24c) >= 0) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000004;
														__eflags =  *(__ebp - 0x10) & 0x00000004;
														if(( *(__ebp - 0x10) & 0x00000004) != 0) {
															__eax = __ebp - 0x24c;
															__ecx =  *(__ebp + 8);
															__edx =  *(__ebp - 0x2c4);
															__eax = E00422790(0x20,  *(__ebp - 0x2c4),  *(__ebp + 8), __ebp - 0x24c);
														}
													}
												}
												L216:
												__eflags =  *(__ebp - 0x20);
												if( *(__ebp - 0x20) != 0) {
													 *(__ebp - 0x20) = L0040C240( *(__ebp - 0x20), 2);
													 *(__ebp - 0x20) = 0;
												}
												while(1) {
													L218:
													 *(_t557 - 0x251) =  *( *(_t557 + 0xc));
													_t547 =  *(_t557 - 0x251);
													 *(_t557 + 0xc) =  *(_t557 + 0xc) + 1;
													if( *(_t557 - 0x251) == 0 ||  *(_t557 - 0x24c) < 0) {
														break;
													} else {
														if( *(_t557 - 0x251) < 0x20 ||  *(_t557 - 0x251) > 0x78) {
															 *(_t557 - 0x310) = 0;
														} else {
															 *(_t557 - 0x310) =  *( *(_t557 - 0x251) + L"pecifier\", 0)") & 0xf;
														}
													}
													L7:
													 *(_t557 - 0x250) =  *(_t557 - 0x310);
													_t506 =  *(_t557 - 0x250) * 9;
													_t536 =  *(_t557 - 0x25c);
													_t547 = ( *(_t506 + _t536 + 0x4083d0) & 0x000000ff) >> 4;
													 *(_t557 - 0x25c) = ( *(_t506 + _t536 + 0x4083d0) & 0x000000ff) >> 4;
													if( *(_t557 - 0x25c) != 8) {
														L16:
														 *(_t557 - 0x318) =  *(_t557 - 0x25c);
														__eflags =  *(_t557 - 0x318) - 7;
														if( *(_t557 - 0x318) > 7) {
															continue;
														}
														L17:
														switch( *((intOrPtr*)( *(_t557 - 0x318) * 4 +  &M004225E0))) {
															case 0:
																L18:
																 *(_t557 - 0xc) = 0;
																_t509 = E00419390( *(_t557 - 0x251) & 0x000000ff, E0040D3B0(_t557 - 0x40));
																_t562 = _t559 + 8;
																__eflags = _t509;
																if(_t509 == 0) {
																	L24:
																	E004226F0( *(_t557 - 0x251) & 0x000000ff,  *(_t557 - 0x251) & 0x000000ff,  *((intOrPtr*)(_t557 + 8)), _t557 - 0x24c);
																	_t559 = _t562 + 0xc;
																	goto L218;
																} else {
																	E004226F0( *((intOrPtr*)(_t557 + 8)),  *(_t557 - 0x251) & 0x000000ff,  *((intOrPtr*)(_t557 + 8)), _t557 - 0x24c);
																	_t562 = _t562 + 0xc;
																	_t541 =  *( *(_t557 + 0xc));
																	 *(_t557 - 0x251) =  *( *(_t557 + 0xc));
																	_t547 =  *(_t557 + 0xc) + 1;
																	__eflags = _t547;
																	 *(_t557 + 0xc) = _t547;
																	asm("sbb eax, eax");
																	 *(_t557 - 0x27c) =  ~( ~( *(_t557 - 0x251)));
																	if(_t547 == 0) {
																		_push(L"(ch != _T(\'\\0\'))");
																		_push(0);
																		_push(0x486);
																		_push(L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c");
																		_push(2);
																		_t521 = L0040E1A0();
																		_t562 = _t562 + 0x14;
																		__eflags = _t521 - 1;
																		if(_t521 == 1) {
																			asm("int3");
																		}
																	}
																	L22:
																	__eflags =  *(_t557 - 0x27c);
																	if( *(_t557 - 0x27c) != 0) {
																		goto L24;
																	} else {
																		 *((intOrPtr*)(L0040EC70(_t541))) = 0x16;
																		E00411A50(_t528, _t541, _t555, _t556, L"(ch != _T(\'\\0\'))", L"_output_s_l", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c", 0x486, 0);
																		 *(_t557 - 0x2f4) = 0xffffffff;
																		E0040D380(_t557 - 0x40);
																		_t499 =  *(_t557 - 0x2f4);
																		goto L229;
																	}
																}
															case 1:
																L25:
																 *(__ebp - 0x2c) = 0;
																__edx =  *(__ebp - 0x2c);
																 *(__ebp - 0x28) =  *(__ebp - 0x2c);
																__eax =  *(__ebp - 0x28);
																 *(__ebp - 0x18) =  *(__ebp - 0x28);
																__ecx =  *(__ebp - 0x18);
																 *(__ebp - 0x1c) = __ecx;
																 *(__ebp - 0x10) = 0;
																 *(__ebp - 0x30) = 0xffffffff;
																 *(__ebp - 0xc) = 0;
																goto L218;
															case 2:
																L26:
																__edx =  *((char*)(__ebp - 0x251));
																 *(__ebp - 0x31c) =  *((char*)(__ebp - 0x251));
																 *(__ebp - 0x31c) =  *(__ebp - 0x31c) - 0x20;
																 *(__ebp - 0x31c) =  *(__ebp - 0x31c) - 0x20;
																__eflags =  *(__ebp - 0x31c) - 0x10;
																if( *(__ebp - 0x31c) > 0x10) {
																	goto L33;
																}
																L27:
																__ecx =  *(__ebp - 0x31c);
																_t72 = __ecx + 0x422618; // 0x498d04
																__edx =  *_t72 & 0x000000ff;
																switch( *((intOrPtr*)(( *_t72 & 0x000000ff) * 4 +  &M00422600))) {
																	case 0:
																		goto L30;
																	case 1:
																		goto L31;
																	case 2:
																		goto L29;
																	case 3:
																		goto L28;
																	case 4:
																		goto L32;
																	case 5:
																		goto L33;
																}
															case 3:
																L34:
																__edx =  *((char*)(__ebp - 0x251));
																__eflags =  *((char*)(__ebp - 0x251)) - 0x2a;
																if( *((char*)(__ebp - 0x251)) != 0x2a) {
																	__eax =  *(__ebp - 0x18);
																	__eax =  *(__ebp - 0x18) * 0xa;
																	__eflags = __eax;
																	__ecx =  *((char*)(__ebp - 0x251));
																	_t96 = __ecx - 0x30; // -48
																	__edx = __eax + _t96;
																	 *(__ebp - 0x18) = __eax + _t96;
																} else {
																	__eax = __ebp + 0x14;
																	 *(__ebp - 0x18) = E0041C290(__ebp + 0x14);
																	__eflags =  *(__ebp - 0x18);
																	if( *(__ebp - 0x18) < 0) {
																		__ecx =  *(__ebp - 0x10);
																		__ecx =  *(__ebp - 0x10) | 0x00000004;
																		__eflags = __ecx;
																		 *(__ebp - 0x10) = __ecx;
																		 *(__ebp - 0x18) =  ~( *(__ebp - 0x18));
																		 *(__ebp - 0x18) =  ~( *(__ebp - 0x18));
																	}
																}
																goto L218;
															case 4:
																L40:
																 *(__ebp - 0x30) = 0;
																goto L218;
															case 5:
																L41:
																__eax =  *((char*)(__ebp - 0x251));
																__eflags =  *((char*)(__ebp - 0x251)) - 0x2a;
																if( *((char*)(__ebp - 0x251)) != 0x2a) {
																	__edx =  *(__ebp - 0x30);
																	__edx =  *(__ebp - 0x30) * 0xa;
																	__eflags = __edx;
																	_t107 =  *((char*)(__ebp - 0x251)) - 0x30; // -48
																	__ecx = __edx + _t107;
																	 *(__ebp - 0x30) = __ecx;
																} else {
																	__ecx = __ebp + 0x14;
																	 *(__ebp - 0x30) = E0041C290(__ebp + 0x14);
																	__eflags =  *(__ebp - 0x30);
																	if( *(__ebp - 0x30) < 0) {
																		 *(__ebp - 0x30) = 0xffffffff;
																	}
																}
																goto L218;
															case 6:
																L47:
																__edx =  *((char*)(__ebp - 0x251));
																 *(__ebp - 0x320) =  *((char*)(__ebp - 0x251));
																 *(__ebp - 0x320) =  *(__ebp - 0x320) - 0x49;
																 *(__ebp - 0x320) =  *(__ebp - 0x320) - 0x49;
																__eflags =  *(__ebp - 0x320) - 0x2e;
																if( *(__ebp - 0x320) > 0x2e) {
																	L70:
																	goto L218;
																}
																L48:
																__ecx =  *(__ebp - 0x320);
																_t115 = __ecx + 0x422640; // 0x1e4e9003
																__edx =  *_t115 & 0x000000ff;
																switch( *((intOrPtr*)(( *_t115 & 0x000000ff) * 4 +  &M0042262C))) {
																	case 0:
																		L53:
																		__edx =  *(__ebp + 0xc);
																		__eax =  *( *(__ebp + 0xc));
																		__eflags =  *( *(__ebp + 0xc)) - 0x36;
																		if( *( *(__ebp + 0xc)) != 0x36) {
																			L56:
																			__edx =  *(__ebp + 0xc);
																			__eax =  *( *(__ebp + 0xc));
																			__eflags =  *( *(__ebp + 0xc)) - 0x33;
																			if( *( *(__ebp + 0xc)) != 0x33) {
																				L59:
																				__edx =  *(__ebp + 0xc);
																				__eax =  *( *(__ebp + 0xc));
																				__eflags =  *( *(__ebp + 0xc)) - 0x64;
																				if( *( *(__ebp + 0xc)) == 0x64) {
																					L65:
																					L67:
																					goto L70;
																				}
																				L60:
																				__ecx =  *(__ebp + 0xc);
																				__edx =  *__ecx;
																				__eflags =  *__ecx - 0x69;
																				if( *__ecx == 0x69) {
																					goto L65;
																				}
																				L61:
																				__eax =  *(__ebp + 0xc);
																				__ecx =  *( *(__ebp + 0xc));
																				__eflags = __ecx - 0x6f;
																				if(__ecx == 0x6f) {
																					goto L65;
																				}
																				L62:
																				__edx =  *(__ebp + 0xc);
																				__eax =  *( *(__ebp + 0xc));
																				__eflags =  *( *(__ebp + 0xc)) - 0x75;
																				if( *( *(__ebp + 0xc)) == 0x75) {
																					goto L65;
																				}
																				L63:
																				__ecx =  *(__ebp + 0xc);
																				__edx =  *__ecx;
																				__eflags =  *__ecx - 0x78;
																				if( *__ecx == 0x78) {
																					goto L65;
																				}
																				L64:
																				__eax =  *(__ebp + 0xc);
																				__ecx =  *( *(__ebp + 0xc));
																				__eflags = __ecx - 0x58;
																				if(__ecx != 0x58) {
																					 *(__ebp - 0x25c) = 0;
																					goto L18;
																				}
																				goto L65;
																			}
																			L57:
																			__ecx =  *(__ebp + 0xc);
																			__edx =  *((char*)(__ecx + 1));
																			__eflags =  *((char*)(__ecx + 1)) - 0x32;
																			if( *((char*)(__ecx + 1)) != 0x32) {
																				goto L59;
																			} else {
																				 *(__ebp + 0xc) =  *(__ebp + 0xc) + 2;
																				 *(__ebp + 0xc) =  *(__ebp + 0xc) + 2;
																				__ecx =  *(__ebp - 0x10);
																				__ecx =  *(__ebp - 0x10) & 0xffff7fff;
																				 *(__ebp - 0x10) = __ecx;
																				goto L67;
																			}
																		}
																		L54:
																		__ecx =  *(__ebp + 0xc);
																		__edx =  *((char*)(__ecx + 1));
																		__eflags =  *((char*)(__ecx + 1)) - 0x34;
																		if( *((char*)(__ecx + 1)) != 0x34) {
																			goto L56;
																		} else {
																			 *(__ebp + 0xc) =  *(__ebp + 0xc) + 2;
																			 *(__ebp + 0xc) =  *(__ebp + 0xc) + 2;
																			__ecx =  *(__ebp - 0x10);
																			__ecx =  *(__ebp - 0x10) | 0x00008000;
																			 *(__ebp - 0x10) = __ecx;
																			goto L67;
																		}
																	case 1:
																		L68:
																		 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000020;
																		 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000020;
																		goto L70;
																	case 2:
																		L49:
																		__eax =  *(__ebp + 0xc);
																		__ecx =  *( *(__ebp + 0xc));
																		__eflags = __ecx - 0x6c;
																		if(__ecx != 0x6c) {
																			__ecx =  *(__ebp - 0x10);
																			__ecx =  *(__ebp - 0x10) | 0x00000010;
																			__eflags = __ecx;
																			 *(__ebp - 0x10) = __ecx;
																		} else {
																			 *(__ebp + 0xc) =  *(__ebp + 0xc) + 1;
																			 *(__ebp + 0xc) =  *(__ebp + 0xc) + 1;
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00001000;
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00001000;
																		}
																		goto L70;
																	case 3:
																		L69:
																		__eax =  *(__ebp - 0x10);
																		__eax =  *(__ebp - 0x10) | 0x00000800;
																		__eflags = __eax;
																		 *(__ebp - 0x10) = __eax;
																		goto L70;
																	case 4:
																		goto L70;
																}
															case 7:
																L71:
																__ecx =  *((char*)(__ebp - 0x251));
																 *(__ebp - 0x324) = __ecx;
																 *(__ebp - 0x324) =  *(__ebp - 0x324) - 0x41;
																 *(__ebp - 0x324) =  *(__ebp - 0x324) - 0x41;
																__eflags =  *(__ebp - 0x324) - 0x37;
																if( *(__ebp - 0x324) > 0x37) {
																	while(1) {
																		L190:
																		__eflags =  *(__ebp - 0x28);
																		if( *(__ebp - 0x28) != 0) {
																			goto L216;
																		}
																		goto L191;
																	}
																}
																L72:
																_t156 =  *(__ebp - 0x324) + 0x4226ac; // 0xcccccc0d
																__ecx =  *_t156 & 0x000000ff;
																switch( *((intOrPtr*)(__ecx * 4 +  &M00422670))) {
																	case 0:
																		L123:
																		 *(__ebp - 0x2c) = 1;
																		__ecx =  *((char*)(__ebp - 0x251));
																		__ecx =  *((char*)(__ebp - 0x251)) + 0x20;
																		__eflags = __ecx;
																		 *((char*)(__ebp - 0x251)) = __cl;
																		goto L124;
																	case 1:
																		L73:
																		 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000830;
																		__eflags =  *(__ebp - 0x10) & 0x00000830;
																		if(( *(__ebp - 0x10) & 0x00000830) == 0) {
																			__eax =  *(__ebp - 0x10);
																			__eax =  *(__ebp - 0x10) | 0x00000800;
																			__eflags = __eax;
																			 *(__ebp - 0x10) = __eax;
																		}
																		goto L75;
																	case 2:
																		L88:
																		 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000830;
																		__eflags =  *(__ebp - 0x10) & 0x00000830;
																		if(( *(__ebp - 0x10) & 0x00000830) == 0) {
																			__ecx =  *(__ebp - 0x10);
																			__ecx =  *(__ebp - 0x10) | 0x00000800;
																			__eflags = __ecx;
																			 *(__ebp - 0x10) = __ecx;
																		}
																		goto L90;
																	case 3:
																		L147:
																		 *(__ebp - 0x260) = 7;
																		L148:
																		 *(__ebp - 8) = 0x10;
																		 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000080;
																		__eflags =  *(__ebp - 0x10) & 0x00000080;
																		if(( *(__ebp - 0x10) & 0x00000080) != 0) {
																			 *(__ebp - 0x14) = 0x30;
																			 *(__ebp - 0x260) =  *(__ebp - 0x260) + 0x51;
																			__eflags =  *(__ebp - 0x260) + 0x51;
																			 *((char*)(__ebp - 0x13)) = __al;
																			 *(__ebp - 0x1c) = 2;
																		}
																		goto L153;
																	case 4:
																		L81:
																		__eax = __ebp + 0x14;
																		 *(__ebp - 0x288) = E0041C290(__ebp + 0x14);
																		__eflags =  *(__ebp - 0x288);
																		if( *(__ebp - 0x288) == 0) {
																			L83:
																			__edx =  *0x60b4f0; // 0x407424
																			 *(__ebp - 4) = __edx;
																			__eax =  *(__ebp - 4);
																			 *(__ebp - 0x24) = E0040DC40( *(__ebp - 4));
																			L87:
																			goto L190;
																		}
																		L82:
																		__ecx =  *(__ebp - 0x288);
																		__eflags =  *(__ecx + 4);
																		if( *(__ecx + 4) != 0) {
																			L84:
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000800;
																			__eflags =  *(__ebp - 0x10) & 0x00000800;
																			if(( *(__ebp - 0x10) & 0x00000800) == 0) {
																				 *(__ebp - 0xc) = 0;
																				__edx =  *(__ebp - 0x288);
																				__eax =  *(__edx + 4);
																				 *(__ebp - 4) =  *(__edx + 4);
																				__ecx =  *(__ebp - 0x288);
																				__edx =  *__ecx;
																				 *(__ebp - 0x24) =  *__ecx;
																			} else {
																				__edx =  *(__ebp - 0x288);
																				__eax =  *(__edx + 4);
																				 *(__ebp - 4) =  *(__edx + 4);
																				__ecx =  *(__ebp - 0x288);
																				__eax =  *__ecx;
																				asm("cdq");
																				 *__ecx - __edx =  *__ecx - __edx >> 1;
																				 *(__ebp - 0x24) =  *__ecx - __edx >> 1;
																				 *(__ebp - 0xc) = 1;
																			}
																			goto L87;
																		}
																		goto L83;
																	case 5:
																		L124:
																		 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000040;
																		 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000040;
																		__eax = __ebp - 0x248;
																		 *(__ebp - 4) = __ebp - 0x248;
																		 *(__ebp - 0x44) = 0x200;
																		__eflags =  *(__ebp - 0x30);
																		if( *(__ebp - 0x30) >= 0) {
																			L126:
																			__eflags =  *(__ebp - 0x30);
																			if( *(__ebp - 0x30) != 0) {
																				L129:
																				__eflags =  *(__ebp - 0x30) - 0x200;
																				if( *(__ebp - 0x30) > 0x200) {
																					 *(__ebp - 0x30) = 0x200;
																				}
																				L131:
																				__eflags =  *(__ebp - 0x30) - 0xa3;
																				if( *(__ebp - 0x30) > 0xa3) {
																					 *(__ebp - 0x30) =  *(__ebp - 0x30) + 0x15d;
																					 *(__ebp - 0x20) = L0040B5C0(__ecx,  *(__ebp - 0x30) + 0x15d, 2, "f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c", 0x6da);
																					__eflags =  *(__ebp - 0x20);
																					if( *(__ebp - 0x20) == 0) {
																						 *(__ebp - 0x30) = 0xa3;
																					} else {
																						__eax =  *(__ebp - 0x20);
																						 *(__ebp - 4) =  *(__ebp - 0x20);
																						 *(__ebp - 0x30) =  *(__ebp - 0x30) + 0x15d;
																						 *(__ebp - 0x44) =  *(__ebp - 0x30) + 0x15d;
																					}
																				}
																				 *(__ebp + 0x14) =  *(__ebp + 0x14) + 8;
																				 *(__ebp + 0x14) =  *(__ebp + 0x14) + 8;
																				__eax =  *(__ebp + 0x14);
																				__ecx =  *(__eax - 8);
																				__edx =  *(__eax - 4);
																				 *(__ebp - 0x2a8) =  *(__eax - 8);
																				 *(__ebp - 0x2a4) =  *(__eax - 4);
																				__ecx = __ebp - 0x40;
																				_push(E0040D3B0(__ebp - 0x40));
																				__eax =  *(__ebp - 0x2c);
																				_push( *(__ebp - 0x2c));
																				__ecx =  *(__ebp - 0x30);
																				_push( *(__ebp - 0x30));
																				__edx =  *((char*)(__ebp - 0x251));
																				_push( *((char*)(__ebp - 0x251)));
																				__eax =  *(__ebp - 0x44);
																				_push( *(__ebp - 0x44));
																				__ecx =  *(__ebp - 4);
																				_push( *(__ebp - 4));
																				__edx = __ebp - 0x2a8;
																				_push(__ebp - 0x2a8);
																				__eax =  *0x60b3cc; // 0x7e8c4bdb
																				__eax =  *__eax();
																				__esp = __esp + 0x1c;
																				 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000080;
																				__eflags =  *(__ebp - 0x10) & 0x00000080;
																				if(( *(__ebp - 0x10) & 0x00000080) != 0) {
																					__eflags =  *(__ebp - 0x30);
																					if( *(__ebp - 0x30) == 0) {
																						__ecx = __ebp - 0x40;
																						_push(E0040D3B0(__ebp - 0x40));
																						__edx =  *(__ebp - 4);
																						_push( *(__ebp - 4));
																						__eax =  *0x60b3d8; // 0x7e8c4bdb
																						__eax =  *__eax();
																						__esp = __esp + 8;
																					}
																				}
																				__ecx =  *((char*)(__ebp - 0x251));
																				__eflags =  *((char*)(__ebp - 0x251)) - 0x67;
																				if( *((char*)(__ebp - 0x251)) == 0x67) {
																					 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000080;
																					__eflags =  *(__ebp - 0x10) & 0x00000080;
																					if(( *(__ebp - 0x10) & 0x00000080) == 0) {
																						__ecx = __ebp - 0x40;
																						_push(E0040D3B0(__ebp - 0x40));
																						__eax =  *(__ebp - 4);
																						_push( *(__ebp - 4));
																						__ecx =  *0x60b3d4; // 0x7e8c4bdb
																						E00410200(__ecx) =  *__eax();
																						__esp = __esp + 8;
																					}
																				}
																				__edx =  *(__ebp - 4);
																				__eax =  *( *(__ebp - 4));
																				__eflags =  *( *(__ebp - 4)) - 0x2d;
																				if( *( *(__ebp - 4)) == 0x2d) {
																					 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000100;
																					 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000100;
																					__edx =  *(__ebp - 4);
																					__edx =  *(__ebp - 4) + 1;
																					__eflags = __edx;
																					 *(__ebp - 4) = __edx;
																				}
																				__eax =  *(__ebp - 4);
																				 *(__ebp - 0x24) = E0040DC40( *(__ebp - 4));
																				do {
																					L190:
																					__eflags =  *(__ebp - 0x28);
																					if( *(__ebp - 0x28) != 0) {
																						goto L216;
																					}
																					goto L191;
																				} while ( *(__ebp - 0x324) > 0x37);
																				goto L72;
																			}
																			L127:
																			__ecx =  *((char*)(__ebp - 0x251));
																			__eflags = __ecx - 0x67;
																			if(__ecx != 0x67) {
																				goto L129;
																			}
																			L128:
																			 *(__ebp - 0x30) = 1;
																			goto L131;
																		}
																		L125:
																		 *(__ebp - 0x30) = 6;
																		goto L131;
																	case 6:
																		L75:
																		 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000810;
																		__eflags =  *(__ebp - 0x10) & 0x00000810;
																		if(( *(__ebp - 0x10) & 0x00000810) == 0) {
																			__ebp + 0x14 = E0041C290(__ebp + 0x14);
																			 *(__ebp - 0x284) = __ax;
																			__cl =  *(__ebp - 0x284);
																			 *(__ebp - 0x248) = __cl;
																			 *(__ebp - 0x24) = 1;
																		} else {
																			 *(__ebp - 0x280) = 0;
																			__edx = __ebp + 0x14;
																			__eax = E0041C2D0(__ebp + 0x14);
																			 *(__ebp - 0x258) = __ax;
																			__eax =  *(__ebp - 0x258) & 0x0000ffff;
																			__ecx = __ebp - 0x248;
																			__edx = __ebp - 0x24;
																			 *(__ebp - 0x280) = E004212A0(__ebp - 0x24, __ebp - 0x248, 0x200,  *(__ebp - 0x258) & 0x0000ffff);
																			__eflags =  *(__ebp - 0x280);
																			if( *(__ebp - 0x280) != 0) {
																				 *(__ebp - 0x28) = 1;
																			}
																		}
																		__edx = __ebp - 0x248;
																		 *(__ebp - 4) = __ebp - 0x248;
																		while(1) {
																			L190:
																			__eflags =  *(__ebp - 0x28);
																			if( *(__ebp - 0x28) != 0) {
																				goto L216;
																			}
																			goto L191;
																		}
																	case 7:
																		L144:
																		 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000040;
																		 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000040;
																		 *(__ebp - 8) = 0xa;
																		L153:
																		 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00008000;
																		__eflags =  *(__ebp - 0x10) & 0x00008000;
																		if(( *(__ebp - 0x10) & 0x00008000) == 0) {
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00001000;
																			__eflags =  *(__ebp - 0x10) & 0x00001000;
																			if(( *(__ebp - 0x10) & 0x00001000) == 0) {
																				 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000020;
																				__eflags =  *(__ebp - 0x10) & 0x00000020;
																				if(( *(__ebp - 0x10) & 0x00000020) == 0) {
																					 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000040;
																					__eflags =  *(__ebp - 0x10) & 0x00000040;
																					if(( *(__ebp - 0x10) & 0x00000040) == 0) {
																						__ecx = __ebp + 0x14;
																						__eax = E0041C290(__ebp + 0x14);
																						__edx = 0;
																						__eflags = 0;
																						 *(__ebp - 0x2b8) = __eax;
																						 *(__ebp - 0x2b4) = 0;
																					} else {
																						__eax = __ebp + 0x14;
																						__eax = E0041C290(__ebp + 0x14);
																						asm("cdq");
																						 *(__ebp - 0x2b8) = __eax;
																						 *(__ebp - 0x2b4) = __edx;
																					}
																				} else {
																					 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000040;
																					__eflags =  *(__ebp - 0x10) & 0x00000040;
																					if(( *(__ebp - 0x10) & 0x00000040) == 0) {
																						__ecx = __ebp + 0x14;
																						E0041C290(__ebp + 0x14) = __ax & 0x0000ffff;
																						asm("cdq");
																						 *(__ebp - 0x2b8) = __ax & 0x0000ffff;
																						 *(__ebp - 0x2b4) = __edx;
																					} else {
																						__eax = __ebp + 0x14;
																						__eax = E0041C290(__ebp + 0x14);
																						__ax = __eax;
																						asm("cdq");
																						 *(__ebp - 0x2b8) = __eax;
																						 *(__ebp - 0x2b4) = __edx;
																					}
																				}
																			} else {
																				__eax = __ebp + 0x14;
																				 *(__ebp - 0x2b8) = E0041C2B0(__ebp + 0x14);
																				 *(__ebp - 0x2b4) = __edx;
																			}
																		} else {
																			__ecx = __ebp + 0x14;
																			 *(__ebp - 0x2b8) = E0041C2B0(__ebp + 0x14);
																			 *(__ebp - 0x2b4) = __edx;
																		}
																		 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000040;
																		__eflags =  *(__ebp - 0x10) & 0x00000040;
																		if(( *(__ebp - 0x10) & 0x00000040) == 0) {
																			goto L170;
																		}
																	case 8:
																		L109:
																		__ecx = __ebp + 0x14;
																		 *(__ebp - 0x298) = E0041C290(__ebp + 0x14);
																		__eax = E00420F80();
																		__eflags = __eax;
																		if(__eax != 0) {
																			L119:
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000020;
																			__eflags =  *(__ebp - 0x10) & 0x00000020;
																			if(( *(__ebp - 0x10) & 0x00000020) == 0) {
																				__edx =  *(__ebp - 0x298);
																				__eax =  *(__ebp - 0x24c);
																				 *( *(__ebp - 0x298)) =  *(__ebp - 0x24c);
																			} else {
																				__eax =  *(__ebp - 0x298);
																				 *( *(__ebp - 0x298)) =  *(__ebp - 0x24c);
																			}
																			 *(__ebp - 0x28) = 1;
																			while(1) {
																				L190:
																				__eflags =  *(__ebp - 0x28);
																				if( *(__ebp - 0x28) != 0) {
																					goto L216;
																				}
																				goto L191;
																			}
																		}
																		L110:
																		__edx = 0;
																		__eflags = 0;
																		if(0 == 0) {
																			 *(__ebp - 0x32c) = 0;
																		} else {
																			 *(__ebp - 0x32c) = 1;
																		}
																		__eax =  *(__ebp - 0x32c);
																		 *(__ebp - 0x29c) =  *(__ebp - 0x32c);
																		__eflags =  *(__ebp - 0x29c);
																		if( *(__ebp - 0x29c) == 0) {
																			_push(L"(\"\'n\' format specifier disabled\", 0)");
																			_push(0);
																			_push(0x695);
																			_push(L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c");
																			_push(2);
																			__eax = L0040E1A0();
																			__esp = __esp + 0x14;
																			__eflags = __eax - 1;
																			if(__eax == 1) {
																				asm("int3");
																			}
																		}
																		__eflags =  *(__ebp - 0x29c);
																		if( *(__ebp - 0x29c) != 0) {
																			L118:
																			while(1) {
																				L190:
																				__eflags =  *(__ebp - 0x28);
																				if( *(__ebp - 0x28) != 0) {
																					goto L216;
																				}
																				goto L191;
																			}
																		} else {
																			L117:
																			 *((intOrPtr*)(L0040EC70(__ecx))) = 0x16;
																			__eax = E00411A50(__ebx, __ecx, __edi, __esi, L"(\"\'n\' format specifier disabled\", 0)", L"_output_s_l", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c", 0x695, 0);
																			 *(__ebp - 0x2f8) = 0xffffffff;
																			__ecx = __ebp - 0x40;
																			__eax = E0040D380(__ecx);
																			__eax =  *(__ebp - 0x2f8);
																			goto L229;
																		}
																	case 9:
																		L151:
																		 *(__ebp - 8) = 8;
																		 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000080;
																		__eflags =  *(__ebp - 0x10) & 0x00000080;
																		if(( *(__ebp - 0x10) & 0x00000080) != 0) {
																			__edx =  *(__ebp - 0x10);
																			__edx =  *(__ebp - 0x10) | 0x00000200;
																			__eflags = __edx;
																			 *(__ebp - 0x10) = __edx;
																		}
																		while(1) {
																			L153:
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00008000;
																			__eflags =  *(__ebp - 0x10) & 0x00008000;
																			if(( *(__ebp - 0x10) & 0x00008000) == 0) {
																				 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00001000;
																				__eflags =  *(__ebp - 0x10) & 0x00001000;
																				if(( *(__ebp - 0x10) & 0x00001000) == 0) {
																					 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000020;
																					__eflags =  *(__ebp - 0x10) & 0x00000020;
																					if(( *(__ebp - 0x10) & 0x00000020) == 0) {
																						 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000040;
																						__eflags =  *(__ebp - 0x10) & 0x00000040;
																						if(( *(__ebp - 0x10) & 0x00000040) == 0) {
																							__ecx = __ebp + 0x14;
																							__eax = E0041C290(__ebp + 0x14);
																							__edx = 0;
																							__eflags = 0;
																							 *(__ebp - 0x2b8) = __eax;
																							 *(__ebp - 0x2b4) = 0;
																						} else {
																							__eax = __ebp + 0x14;
																							__eax = E0041C290(__ebp + 0x14);
																							asm("cdq");
																							 *(__ebp - 0x2b8) = __eax;
																							 *(__ebp - 0x2b4) = __edx;
																						}
																					} else {
																						 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000040;
																						__eflags =  *(__ebp - 0x10) & 0x00000040;
																						if(( *(__ebp - 0x10) & 0x00000040) == 0) {
																							__ecx = __ebp + 0x14;
																							E0041C290(__ebp + 0x14) = __ax & 0x0000ffff;
																							asm("cdq");
																							 *(__ebp - 0x2b8) = __ax & 0x0000ffff;
																							 *(__ebp - 0x2b4) = __edx;
																						} else {
																							__eax = __ebp + 0x14;
																							__eax = E0041C290(__ebp + 0x14);
																							__ax = __eax;
																							asm("cdq");
																							 *(__ebp - 0x2b8) = __eax;
																							 *(__ebp - 0x2b4) = __edx;
																						}
																					}
																				} else {
																					__eax = __ebp + 0x14;
																					 *(__ebp - 0x2b8) = E0041C2B0(__ebp + 0x14);
																					 *(__ebp - 0x2b4) = __edx;
																				}
																			} else {
																				__ecx = __ebp + 0x14;
																				 *(__ebp - 0x2b8) = E0041C2B0(__ebp + 0x14);
																				 *(__ebp - 0x2b4) = __edx;
																			}
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000040;
																			__eflags =  *(__ebp - 0x10) & 0x00000040;
																			if(( *(__ebp - 0x10) & 0x00000040) == 0) {
																				goto L170;
																			}
																			goto L166;
																		}
																	case 0xa:
																		L146:
																		 *(__ebp - 0x30) = 8;
																		goto L147;
																	case 0xb:
																		L90:
																		__eflags =  *(__ebp - 0x30) - 0xffffffff;
																		if( *(__ebp - 0x30) != 0xffffffff) {
																			__edx =  *(__ebp - 0x30);
																			 *(__ebp - 0x328) =  *(__ebp - 0x30);
																		} else {
																			 *(__ebp - 0x328) = 0x7fffffff;
																		}
																		__eax =  *(__ebp - 0x328);
																		 *(__ebp - 0x290) =  *(__ebp - 0x328);
																		__ecx = __ebp + 0x14;
																		 *(__ebp - 4) = E0041C290(__ebp + 0x14);
																		 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000810;
																		__eflags =  *(__ebp - 0x10) & 0x00000810;
																		if(( *(__ebp - 0x10) & 0x00000810) == 0) {
																			L101:
																			__eflags =  *(__ebp - 4);
																			if( *(__ebp - 4) == 0) {
																				__edx =  *0x60b4f0; // 0x407424
																				 *(__ebp - 4) = __edx;
																			}
																			__eax =  *(__ebp - 4);
																			 *(__ebp - 0x28c) =  *(__ebp - 4);
																			while(1) {
																				L104:
																				__ecx =  *(__ebp - 0x290);
																				 *(__ebp - 0x290) =  *(__ebp - 0x290) - 1;
																				 *(__ebp - 0x290) =  *(__ebp - 0x290) - 1;
																				__eflags = __ecx;
																				if(__ecx == 0) {
																					break;
																				}
																				L105:
																				__eax =  *(__ebp - 0x28c);
																				__ecx =  *( *(__ebp - 0x28c));
																				__eflags = __ecx;
																				if(__ecx == 0) {
																					break;
																				}
																				L106:
																				 *(__ebp - 0x28c) =  *(__ebp - 0x28c) + 1;
																				 *(__ebp - 0x28c) =  *(__ebp - 0x28c) + 1;
																			}
																			L107:
																			__eax =  *(__ebp - 0x28c);
																			__eax =  *(__ebp - 0x28c) -  *(__ebp - 4);
																			__eflags = __eax;
																			 *(__ebp - 0x24) = __eax;
																			goto L108;
																		} else {
																			L94:
																			__eflags =  *(__ebp - 4);
																			if( *(__ebp - 4) == 0) {
																				__eax =  *0x60b4f4; // 0x407414
																				 *(__ebp - 4) = __eax;
																			}
																			 *(__ebp - 0xc) = 1;
																			__ecx =  *(__ebp - 4);
																			 *(__ebp - 0x294) =  *(__ebp - 4);
																			while(1) {
																				L97:
																				__edx =  *(__ebp - 0x290);
																				 *(__ebp - 0x290) =  *(__ebp - 0x290) - 1;
																				 *(__ebp - 0x290) =  *(__ebp - 0x290) - 1;
																				__eflags =  *(__ebp - 0x290);
																				if( *(__ebp - 0x290) == 0) {
																					break;
																				}
																				L98:
																				__ecx =  *(__ebp - 0x294);
																				__edx =  *( *(__ebp - 0x294)) & 0x0000ffff;
																				__eflags =  *( *(__ebp - 0x294)) & 0x0000ffff;
																				if(( *( *(__ebp - 0x294)) & 0x0000ffff) == 0) {
																					break;
																				}
																				L99:
																				 *(__ebp - 0x294) =  *(__ebp - 0x294) + 2;
																				 *(__ebp - 0x294) =  *(__ebp - 0x294) + 2;
																			}
																			L100:
																			 *(__ebp - 0x294) =  *(__ebp - 0x294) -  *(__ebp - 4);
																			__ecx =  *(__ebp - 0x294) -  *(__ebp - 4) >> 1;
																			 *(__ebp - 0x24) = __ecx;
																			L108:
																			while(1) {
																				L190:
																				__eflags =  *(__ebp - 0x28);
																				if( *(__ebp - 0x28) != 0) {
																					goto L216;
																				}
																				goto L191;
																			}
																		}
																	case 0xc:
																		L145:
																		 *(__ebp - 8) = 0xa;
																		while(1) {
																			L153:
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00008000;
																			__eflags =  *(__ebp - 0x10) & 0x00008000;
																			if(( *(__ebp - 0x10) & 0x00008000) == 0) {
																				 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00001000;
																				__eflags =  *(__ebp - 0x10) & 0x00001000;
																				if(( *(__ebp - 0x10) & 0x00001000) == 0) {
																					 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000020;
																					__eflags =  *(__ebp - 0x10) & 0x00000020;
																					if(( *(__ebp - 0x10) & 0x00000020) == 0) {
																						 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000040;
																						__eflags =  *(__ebp - 0x10) & 0x00000040;
																						if(( *(__ebp - 0x10) & 0x00000040) == 0) {
																							__ecx = __ebp + 0x14;
																							__eax = E0041C290(__ebp + 0x14);
																							__edx = 0;
																							__eflags = 0;
																							 *(__ebp - 0x2b8) = __eax;
																							 *(__ebp - 0x2b4) = 0;
																						} else {
																							__eax = __ebp + 0x14;
																							__eax = E0041C290(__ebp + 0x14);
																							asm("cdq");
																							 *(__ebp - 0x2b8) = __eax;
																							 *(__ebp - 0x2b4) = __edx;
																						}
																					} else {
																						 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000040;
																						__eflags =  *(__ebp - 0x10) & 0x00000040;
																						if(( *(__ebp - 0x10) & 0x00000040) == 0) {
																							__ecx = __ebp + 0x14;
																							E0041C290(__ebp + 0x14) = __ax & 0x0000ffff;
																							asm("cdq");
																							 *(__ebp - 0x2b8) = __ax & 0x0000ffff;
																							 *(__ebp - 0x2b4) = __edx;
																						} else {
																							__eax = __ebp + 0x14;
																							__eax = E0041C290(__ebp + 0x14);
																							__ax = __eax;
																							asm("cdq");
																							 *(__ebp - 0x2b8) = __eax;
																							 *(__ebp - 0x2b4) = __edx;
																						}
																					}
																				} else {
																					__eax = __ebp + 0x14;
																					 *(__ebp - 0x2b8) = E0041C2B0(__ebp + 0x14);
																					 *(__ebp - 0x2b4) = __edx;
																				}
																			} else {
																				__ecx = __ebp + 0x14;
																				 *(__ebp - 0x2b8) = E0041C2B0(__ebp + 0x14);
																				 *(__ebp - 0x2b4) = __edx;
																			}
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000040;
																			__eflags =  *(__ebp - 0x10) & 0x00000040;
																			if(( *(__ebp - 0x10) & 0x00000040) == 0) {
																				goto L170;
																			}
																			goto L166;
																		}
																	case 0xd:
																		goto L0;
																	case 0xe:
																		while(1) {
																			L190:
																			__eflags =  *(__ebp - 0x28);
																			if( *(__ebp - 0x28) != 0) {
																				goto L216;
																			}
																			goto L191;
																		}
																}
															case 8:
																L30:
																 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000002;
																 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000002;
																goto L33;
															case 9:
																L31:
																 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000080;
																 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000080;
																goto L33;
															case 0xa:
																L29:
																__ecx =  *(__ebp - 0x10);
																__ecx =  *(__ebp - 0x10) | 0x00000001;
																 *(__ebp - 0x10) = __ecx;
																goto L33;
															case 0xb:
																L28:
																 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000004;
																 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000004;
																goto L33;
															case 0xc:
																L32:
																__ecx =  *(__ebp - 0x10);
																__ecx =  *(__ebp - 0x10) | 0x00000008;
																__eflags = __ecx;
																 *(__ebp - 0x10) = __ecx;
																goto L33;
															case 0xd:
																L33:
																goto L218;
														}
													} else {
														if(0 == 0) {
															 *(_t557 - 0x314) = 0;
														} else {
															 *(_t557 - 0x314) = 1;
														}
														_t543 =  *(_t557 - 0x314);
														 *(_t557 - 0x278) =  *(_t557 - 0x314);
														if( *(_t557 - 0x278) == 0) {
															_push(L"(\"Incorrect format specifier\", 0)");
															_push(0);
															_push(0x460);
															_push(L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c");
															_push(2);
															_t526 = L0040E1A0();
															_t559 = _t559 + 0x14;
															if(_t526 == 1) {
																asm("int3");
															}
														}
														L14:
														if( *(_t557 - 0x278) != 0) {
															goto L16;
														} else {
															 *((intOrPtr*)(L0040EC70(_t543))) = 0x16;
															E00411A50(_t528, _t543, _t555, _t556, L"(\"Incorrect format specifier\", 0)", L"_output_s_l", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c", 0x460, 0);
															 *(_t557 - 0x2f0) = 0xffffffff;
															E0040D380(_t557 - 0x40);
															_t499 =  *(_t557 - 0x2f0);
															L229:
															return E00416CA0(_t499, _t528,  *(_t557 - 0x48) ^ _t557, _t547, _t555, _t556);
														}
													}
												}
												L219:
												__eflags =  *(_t557 - 0x25c);
												if( *(_t557 - 0x25c) == 0) {
													L222:
													 *(_t557 - 0x334) = 1;
													L223:
													_t530 =  *(_t557 - 0x334);
													 *(_t557 - 0x2e0) =  *(_t557 - 0x334);
													__eflags =  *(_t557 - 0x2e0);
													if( *(_t557 - 0x2e0) == 0) {
														_push(L"((state == ST_NORMAL) || (state == ST_TYPE))");
														_push(0);
														_push(0x8f5);
														_push(L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c");
														_push(2);
														_t504 = L0040E1A0();
														_t559 = _t559 + 0x14;
														__eflags = _t504 - 1;
														if(_t504 == 1) {
															asm("int3");
														}
													}
													__eflags =  *(_t557 - 0x2e0);
													if( *(_t557 - 0x2e0) != 0) {
														 *(_t557 - 0x300) =  *(_t557 - 0x24c);
														E0040D380(_t557 - 0x40);
														_t499 =  *(_t557 - 0x300);
													} else {
														 *((intOrPtr*)(L0040EC70(_t530))) = 0x16;
														E00411A50(_t528, _t530, _t555, _t556, L"((state == ST_NORMAL) || (state == ST_TYPE))", L"_output_s_l", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c", 0x8f5, 0);
														 *(_t557 - 0x2fc) = 0xffffffff;
														E0040D380(_t557 - 0x40);
														_t499 =  *(_t557 - 0x2fc);
													}
													goto L229;
												}
												L220:
												__eflags =  *(_t557 - 0x25c) - 7;
												if( *(_t557 - 0x25c) == 7) {
													goto L222;
												}
												L221:
												 *(_t557 - 0x334) = 0;
												goto L223;
											}
										}
										L187:
										__eflags =  *(__ebp - 0x24);
										if( *(__ebp - 0x24) == 0) {
											L189:
											 *(__ebp - 4) =  *(__ebp - 4) - 1;
											 *(__ebp - 4) =  *(__ebp - 4) - 1;
											__eax =  *(__ebp - 4);
											 *( *(__ebp - 4)) = 0x30;
											__ecx =  *(__ebp - 0x24);
											__ecx =  *(__ebp - 0x24) + 1;
											__eflags = __ecx;
											 *(__ebp - 0x24) = __ecx;
											goto L190;
										}
										L188:
										__eax =  *(__ebp - 4);
										__ecx =  *( *(__ebp - 4));
										__eflags = __ecx - 0x30;
										if(__ecx == 0x30) {
											goto L190;
										}
										goto L189;
									}
									L183:
									__eax =  *(__ebp - 8);
									asm("cdq");
									__ecx =  *(__ebp - 0x2bc);
									__edx =  *(__ebp - 0x2c0);
									__eax = E0041CE40( *(__ebp - 0x2c0),  *(__ebp - 0x2bc),  *(__ebp - 8),  *(__ebp - 0x2c0));
									 *(__ebp - 0x2ac) = __eax;
									__eax =  *(__ebp - 8);
									asm("cdq");
									__eax =  *(__ebp - 0x2bc);
									__ecx =  *(__ebp - 0x2c0);
									 *(__ebp - 0x2c0) = E0041CDD0( *(__ebp - 0x2c0),  *(__ebp - 0x2bc),  *(__ebp - 8), __edx);
									 *(__ebp - 0x2bc) = __edx;
									__eflags =  *(__ebp - 0x2ac) - 0x39;
									if( *(__ebp - 0x2ac) > 0x39) {
										__edx =  *(__ebp - 0x2ac);
										__edx =  *(__ebp - 0x2ac) +  *(__ebp - 0x260);
										__eflags = __edx;
										 *(__ebp - 0x2ac) = __edx;
									}
									__eax =  *(__ebp - 4);
									__cl =  *(__ebp - 0x2ac);
									 *( *(__ebp - 4)) = __cl;
									 *(__ebp - 4) =  *(__ebp - 4) - 1;
									 *(__ebp - 4) =  *(__ebp - 4) - 1;
									L181:
									__ecx =  *(__ebp - 0x30);
									 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
									 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
									__eflags =  *(__ebp - 0x30);
									if( *(__ebp - 0x30) > 0) {
										goto L183;
									}
									goto L182;
								}
							}
							L168:
							__eflags =  *(__ebp - 0x2b8);
							if( *(__ebp - 0x2b8) >= 0) {
								goto L170;
							}
							goto L169;
							L170:
							__ecx =  *(__ebp - 0x2b8);
							 *(__ebp - 0x2c0) =  *(__ebp - 0x2b8);
							__edx =  *(__ebp - 0x2b4);
							 *(__ebp - 0x2bc) =  *(__ebp - 0x2b4);
							goto L171;
						}
					}
				}
			}

0x00422027
0x00422027
0x00422027
0x00422027
0x00422027
0x00422027
0x00422027
0x00422031
0x00422031
0x00422031
0x0042203b
0x0042203b
0x00422041
0x00422043
0x0042204d
0x0042204d
0x00422050
0x00422053
0x00422053
0x0042207a
0x0042207a
0x0042207d
0x0042207d
0x00422082
0x004220a4
0x004220a4
0x004220aa
0x004220cc
0x004220cc
0x004220cf
0x00422116
0x00422116
0x00422119
0x00422136
0x0042213a
0x00422142
0x00422142
0x00422144
0x0042214a
0x0042211b
0x0042211b
0x0042211f
0x00422127
0x00422128
0x0042212e
0x0042212e
0x004220d1
0x004220d4
0x004220d4
0x004220d7
0x004220f5
0x00422101
0x00422104
0x00422105
0x0042210b
0x004220d9
0x004220d9
0x004220dd
0x004220e5
0x004220e6
0x004220e7
0x004220ed
0x004220ed
0x00422111
0x004220ac
0x004220ac
0x004220b8
0x004220be
0x004220be
0x00422084
0x00422084
0x00422090
0x00422096
0x00422096
0x00422153
0x00422153
0x00422156
0x00000000
0x00000000
0x00422158
0x00422158
0x0042215f
0x00000000
0x00000000
0x00422161
0x00422161
0x0042216c
0x00422172
0x00422174
0x0042217a
0x0042217d
0x0042217f
0x00422185
0x0042218e
0x00422193
0x004221b0
0x004221b3
0x004221b3
0x004221b8
0x004221bd
0x004221bd
0x004221c3
0x004221c5
0x004221cb
0x004221d1
0x004221d1
0x004221da
0x004221da
0x004221c3
0x004221e0
0x004221e4
0x004221f2
0x004221f5
0x004221f8
0x004221ff
0x00422201
0x00422201
0x004221e6
0x004221e6
0x004221e6
0x0042220e
0x0042220e
0x00422214
0x00422216
0x00422216
0x0042221d
0x00422220
0x00422223
0x00422223
0x00422223
0x00422229
0x0042222c
0x0042222f
0x00422231
0x00000000
0x00000000
0x00422233
0x00422239
0x00422239
0x0042223f
0x004222bc
0x004222bf
0x004222c2
0x004222c5
0x004222c8
0x004222cb
0x004222d1
0x004222d1
0x004222d7
0x00422302
0x00422302
0x00422302
0x00422306
0x00000000
0x00000000
0x0042230c
0x0042230f
0x0042230f
0x00422312
0x00422317
0x00422317
0x0042231c
0x0042232e
0x0042232e
0x00422331
0x00422343
0x00422343
0x00422346
0x00422348
0x0042234c
0x0042234c
0x00422333
0x00422333
0x00422337
0x00422337
0x0042231e
0x0042231e
0x00422322
0x00422322
0x0042231c
0x00422356
0x00422359
0x0042235c
0x00422365
0x00422365
0x00422368
0x0042236a
0x00422371
0x00422375
0x0042237e
0x00422383
0x00422386
0x0042238d
0x00422391
0x00422395
0x004223a1
0x004223a4
0x004223a4
0x004223a7
0x004223ac
0x004223ac
0x004223af
0x004223b1
0x004223b8
0x004223bc
0x004223c5
0x004223ca
0x004223af
0x004223cd
0x004223d1
0x004224a5
0x004224a5
0x004224ac
0x004224b0
0x004224b4
0x004224b8
0x00000000
0x004223d7
0x004223d7
0x004223d7
0x004223db
0x00000000
0x00000000
0x004223e1
0x004223e1
0x004223eb
0x004223ee
0x004223f4
0x004223f7
0x004223fd
0x004223fd
0x004223fd
0x00422409
0x0042240c
0x00422412
0x00422414
0x00000000
0x00000000
0x0042241a
0x0042241a
0x00422423
0x0042242a
0x00422434
0x0042243b
0x0042244a
0x00422456
0x00422459
0x0042245f
0x00422466
0x00422471
0x00422471
0x00000000
0x00422471
0x00422468
0x00422468
0x0042246f
0x0042247d
0x0042247d
0x00422484
0x00422488
0x00422496
0x00000000
0x0042249b
0x00000000
0x0042246f
0x004224a3
0x004224c0
0x004224c0
0x004224c7
0x004224cc
0x004224cc
0x004224cf
0x004224d1
0x004224d8
0x004224dc
0x004224e5
0x004224ea
0x004224cf
0x004224c7
0x004224ed
0x004224ed
0x004224f1
0x004224f9
0x00422501
0x00422501
0x00422508
0x00422508
0x004215df
0x004215e5
0x004215f2
0x004215f7
0x00000000
0x0042160a
0x00421614
0x0042163b
0x00421622
0x00421633
0x00421633
0x00421614
0x00421645
0x0042164b
0x00421657
0x0042165a
0x00421668
0x0042166b
0x00421678
0x0042171d
0x00421723
0x00421729
0x00421730
0x00000000
0x00000000
0x00421736
0x0042173c
0x00000000
0x00421743
0x00421743
0x0042175b
0x00421760
0x00421763
0x00421765
0x0042181f
0x00421832
0x00421837
0x00000000
0x0042176b
0x0042177e
0x00421783
0x00421789
0x0042178b
0x00421794
0x00421794
0x00421797
0x004217a3
0x004217a7
0x004217ad
0x004217af
0x004217b4
0x004217b6
0x004217bb
0x004217c0
0x004217c2
0x004217c7
0x004217ca
0x004217cd
0x004217cf
0x004217cf
0x004217cd
0x004217d0
0x004217d0
0x004217d7
0x00000000
0x004217d9
0x004217de
0x004217fa
0x00421802
0x0042180f
0x00421814
0x00000000
0x00421814
0x004217d7
0x00000000
0x0042183f
0x0042183f
0x00421846
0x00421849
0x0042184c
0x0042184f
0x00421852
0x00421855
0x00421858
0x0042185f
0x00421866
0x00000000
0x00000000
0x00421872
0x00421872
0x00421879
0x00421885
0x00421888
0x0042188e
0x00421895
0x00000000
0x00000000
0x00421897
0x00421897
0x0042189d
0x0042189d
0x004218a4
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004218e7
0x004218e7
0x004218ee
0x004218f1
0x0042191b
0x0042191e
0x0042191e
0x00421921
0x00421928
0x00421928
0x0042192c
0x004218f3
0x004218f3
0x004218ff
0x00421902
0x00421906
0x00421908
0x0042190b
0x0042190b
0x0042190e
0x00421914
0x00421916
0x00421916
0x00421919
0x00000000
0x00000000
0x00421934
0x00421934
0x00000000
0x00000000
0x00421940
0x00421940
0x00421947
0x0042194a
0x0042196a
0x0042196d
0x0042196d
0x00421977
0x00421977
0x0042197b
0x0042194c
0x0042194c
0x00421958
0x0042195b
0x0042195f
0x00421961
0x00421961
0x00421968
0x00000000
0x00000000
0x00421983
0x00421983
0x0042198a
0x00421996
0x00421999
0x0042199f
0x004219a6
0x00421ab9
0x00000000
0x00421ab9
0x004219ac
0x004219ac
0x004219b2
0x004219b2
0x004219b9
0x00000000
0x004219ef
0x004219ef
0x004219f2
0x004219f5
0x004219f8
0x00421a20
0x00421a20
0x00421a23
0x00421a26
0x00421a29
0x00421a4e
0x00421a4e
0x00421a51
0x00421a54
0x00421a57
0x00421a90
0x00421aa1
0x00000000
0x00421aa1
0x00421a59
0x00421a59
0x00421a5c
0x00421a5f
0x00421a62
0x00000000
0x00000000
0x00421a64
0x00421a64
0x00421a67
0x00421a6a
0x00421a6d
0x00000000
0x00000000
0x00421a6f
0x00421a6f
0x00421a72
0x00421a75
0x00421a78
0x00000000
0x00000000
0x00421a7a
0x00421a7a
0x00421a7d
0x00421a80
0x00421a83
0x00000000
0x00000000
0x00421a85
0x00421a85
0x00421a88
0x00421a8b
0x00421a8e
0x00421a92
0x00000000
0x00421a92
0x00000000
0x00421a8e
0x00421a2b
0x00421a2b
0x00421a2e
0x00421a32
0x00421a35
0x00000000
0x00421a37
0x00421a3a
0x00421a3d
0x00421a40
0x00421a43
0x00421a49
0x00000000
0x00421a49
0x00421a35
0x004219fa
0x004219fa
0x004219fd
0x00421a01
0x00421a04
0x00000000
0x00421a06
0x00421a09
0x00421a0c
0x00421a0f
0x00421a12
0x00421a18
0x00000000
0x00421a18
0x00000000
0x00421aa3
0x00421aa6
0x00421aa9
0x00000000
0x00000000
0x004219c0
0x004219c0
0x004219c3
0x004219c6
0x004219c9
0x004219e1
0x004219e4
0x004219e4
0x004219e7
0x004219cb
0x004219ce
0x004219d1
0x004219d7
0x004219dc
0x004219dc
0x00000000
0x00000000
0x00421aae
0x00421aae
0x00421ab1
0x00421ab1
0x00421ab6
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00421abe
0x00421abe
0x00421ac5
0x00421ad1
0x00421ad4
0x00421ada
0x00421ae1
0x00422302
0x00422302
0x00422302
0x00422306
0x00000000
0x00000000
0x00000000
0x00422306
0x00422302
0x00421ae7
0x00421aed
0x00421aed
0x00421af4
0x00000000
0x00421e4e
0x00421e4e
0x00421e55
0x00421e5c
0x00421e5c
0x00421e5f
0x00000000
0x00000000
0x00421afb
0x00421afe
0x00421afe
0x00421b04
0x00421b06
0x00421b09
0x00421b09
0x00421b0e
0x00421b0e
0x00000000
0x00000000
0x00421c3b
0x00421c3e
0x00421c3e
0x00421c43
0x00421c45
0x00421c48
0x00421c48
0x00421c4e
0x00421c4e
0x00000000
0x00000000
0x0042201b
0x0042201b
0x00422031
0x00422031
0x0042203b
0x0042203b
0x00422041
0x00422043
0x0042204d
0x0042204d
0x00422050
0x00422053
0x00422053
0x00000000
0x00000000
0x00421ba5
0x00421ba5
0x00421bb1
0x00421bb7
0x00421bbe
0x00421bcc
0x00421bcc
0x00421bd2
0x00421bd5
0x00421be1
0x00421c36
0x00000000
0x00421c36
0x00421bc0
0x00421bc0
0x00421bc6
0x00421bca
0x00421be6
0x00421be9
0x00421be9
0x00421bef
0x00421c17
0x00421c1e
0x00421c24
0x00421c27
0x00421c2a
0x00421c30
0x00421c33
0x00421bf1
0x00421bf1
0x00421bf7
0x00421bfa
0x00421bfd
0x00421c03
0x00421c06
0x00421c09
0x00421c0b
0x00421c0e
0x00421c0e
0x00000000
0x00421bef
0x00000000
0x00000000
0x00421e65
0x00421e68
0x00421e6b
0x00421e6e
0x00421e74
0x00421e77
0x00421e7e
0x00421e82
0x00421e8d
0x00421e8d
0x00421e91
0x00421ea8
0x00421ea8
0x00421eaf
0x00421eb1
0x00421eb1
0x00421eb8
0x00421eb8
0x00421ebf
0x00421ed0
0x00421edf
0x00421ee2
0x00421ee6
0x00421efc
0x00421ee8
0x00421ee8
0x00421eeb
0x00421ef1
0x00421ef7
0x00421ef7
0x00421ee6
0x00421f06
0x00421f09
0x00421f0c
0x00421f0f
0x00421f12
0x00421f15
0x00421f1b
0x00421f21
0x00421f29
0x00421f2a
0x00421f2d
0x00421f2e
0x00421f31
0x00421f32
0x00421f39
0x00421f3a
0x00421f3d
0x00421f3e
0x00421f41
0x00421f42
0x00421f48
0x00421f49
0x00421f57
0x00421f59
0x00421f5f
0x00421f5f
0x00421f65
0x00421f67
0x00421f6b
0x00421f6d
0x00421f75
0x00421f76
0x00421f79
0x00421f7a
0x00421f88
0x00421f8a
0x00421f8a
0x00421f6b
0x00421f8d
0x00421f94
0x00421f97
0x00421f9c
0x00421f9c
0x00421fa2
0x00421fa4
0x00421fac
0x00421fad
0x00421fb0
0x00421fb1
0x00421fc0
0x00421fc2
0x00421fc2
0x00421fa2
0x00421fc5
0x00421fc8
0x00421fcb
0x00421fce
0x00421fd3
0x00421fd9
0x00421fdc
0x00421fdf
0x00421fdf
0x00421fe2
0x00421fe2
0x00421fe5
0x00421ff1
0x00422302
0x00422302
0x00422302
0x00422306
0x00000000
0x00000000
0x00000000
0x00422306
0x00000000
0x00422302
0x00421e93
0x00421e93
0x00421e9a
0x00421e9d
0x00000000
0x00000000
0x00421e9f
0x00421e9f
0x00000000
0x00421e9f
0x00421e84
0x00421e84
0x00000000
0x00000000
0x00421b11
0x00421b14
0x00421b14
0x00421b1a
0x00421b75
0x00421b7d
0x00421b84
0x00421b8a
0x00421b90
0x00421b1c
0x00421b1c
0x00421b26
0x00421b2a
0x00421b32
0x00421b39
0x00421b46
0x00421b4d
0x00421b59
0x00421b5f
0x00421b66
0x00421b68
0x00421b68
0x00421b6f
0x00421b97
0x00421b9d
0x00422302
0x00422302
0x00422302
0x00422306
0x00000000
0x00000000
0x00000000
0x00422306
0x00000000
0x00421ff9
0x00421ffc
0x00421fff
0x00422002
0x0042207a
0x0042207d
0x0042207d
0x00422082
0x004220a4
0x004220a4
0x004220aa
0x004220cc
0x004220cc
0x004220cf
0x00422116
0x00422116
0x00422119
0x00422136
0x0042213a
0x00422142
0x00422142
0x00422144
0x0042214a
0x0042211b
0x0042211b
0x0042211f
0x00422127
0x00422128
0x0042212e
0x0042212e
0x004220d1
0x004220d4
0x004220d4
0x004220d7
0x004220f5
0x00422101
0x00422104
0x00422105
0x0042210b
0x004220d9
0x004220d9
0x004220dd
0x004220e5
0x004220e6
0x004220e7
0x004220ed
0x004220ed
0x00422111
0x004220ac
0x004220ac
0x004220b8
0x004220be
0x004220be
0x00422084
0x00422084
0x00422090
0x00422096
0x00422096
0x00422153
0x00422153
0x00422156
0x00000000
0x00000000
0x00000000
0x00421d57
0x00421d57
0x00421d63
0x00421d69
0x00421d6e
0x00421d70
0x00421e1a
0x00421e1d
0x00421e1d
0x00421e20
0x00421e34
0x00421e3a
0x00421e40
0x00421e22
0x00421e22
0x00421e2f
0x00421e2f
0x00421e42
0x00422302
0x00422302
0x00422302
0x00422306
0x00000000
0x00000000
0x00000000
0x00422306
0x00422302
0x00421d76
0x00421d76
0x00421d76
0x00421d78
0x00421d86
0x00421d7a
0x00421d7a
0x00421d7a
0x00421d90
0x00421d96
0x00421d9c
0x00421da3
0x00421da5
0x00421daa
0x00421dac
0x00421db1
0x00421db6
0x00421db8
0x00421dbd
0x00421dc0
0x00421dc3
0x00421dc5
0x00421dc5
0x00421dc3
0x00421dc6
0x00421dcd
0x00421e15
0x00422302
0x00422302
0x00422302
0x00422306
0x00000000
0x00000000
0x00000000
0x00422306
0x00421dcf
0x00421dcf
0x00421dd4
0x00421df0
0x00421df8
0x00421e02
0x00421e05
0x00421e0a
0x00000000
0x00421e0a
0x00000000
0x0042205c
0x0042205c
0x00422066
0x00422066
0x0042206c
0x0042206e
0x00422071
0x00422071
0x00422077
0x00422077
0x0042207a
0x0042207a
0x0042207d
0x0042207d
0x00422082
0x004220a4
0x004220a4
0x004220aa
0x004220cc
0x004220cc
0x004220cf
0x00422116
0x00422116
0x00422119
0x00422136
0x0042213a
0x00422142
0x00422142
0x00422144
0x0042214a
0x0042211b
0x0042211b
0x0042211f
0x00422127
0x00422128
0x0042212e
0x0042212e
0x004220d1
0x004220d4
0x004220d4
0x004220d7
0x004220f5
0x00422101
0x00422104
0x00422105
0x0042210b
0x004220d9
0x004220d9
0x004220dd
0x004220e5
0x004220e6
0x004220e7
0x004220ed
0x004220ed
0x00422111
0x004220ac
0x004220ac
0x004220b8
0x004220be
0x004220be
0x00422084
0x00422084
0x00422090
0x00422096
0x00422096
0x00422153
0x00422153
0x00422156
0x00000000
0x00000000
0x00000000
0x00422156
0x00000000
0x00422014
0x00422014
0x00000000
0x00000000
0x00421c51
0x00421c51
0x00421c55
0x00421c63
0x00421c66
0x00421c57
0x00421c57
0x00421c57
0x00421c6c
0x00421c72
0x00421c78
0x00421c84
0x00421c8a
0x00421c8a
0x00421c90
0x00421cf7
0x00421cf7
0x00421cfb
0x00421cfd
0x00421d03
0x00421d03
0x00421d06
0x00421d09
0x00421d0f
0x00421d0f
0x00421d0f
0x00421d1b
0x00421d1e
0x00421d24
0x00421d26
0x00000000
0x00000000
0x00421d28
0x00421d28
0x00421d2e
0x00421d31
0x00421d33
0x00000000
0x00000000
0x00421d35
0x00421d3b
0x00421d3e
0x00421d3e
0x00421d46
0x00421d46
0x00421d4c
0x00421d4c
0x00421d4f
0x00000000
0x00421c92
0x00421c92
0x00421c92
0x00421c96
0x00421c98
0x00421c9d
0x00421c9d
0x00421ca0
0x00421ca7
0x00421caa
0x00421cb0
0x00421cb0
0x00421cb0
0x00421cbc
0x00421cbf
0x00421cc5
0x00421cc7
0x00000000
0x00000000
0x00421cc9
0x00421cc9
0x00421ccf
0x00421cd2
0x00421cd4
0x00000000
0x00000000
0x00421cd6
0x00421cdc
0x00421cdf
0x00421cdf
0x00421ce7
0x00421ced
0x00421cf0
0x00421cf2
0x00421d52
0x00422302
0x00422302
0x00422302
0x00422306
0x00000000
0x00000000
0x00000000
0x00422306
0x00422302
0x00000000
0x0042200b
0x0042200b
0x0042207a
0x0042207a
0x0042207d
0x0042207d
0x00422082
0x004220a4
0x004220a4
0x004220aa
0x004220cc
0x004220cc
0x004220cf
0x00422116
0x00422116
0x00422119
0x00422136
0x0042213a
0x00422142
0x00422142
0x00422144
0x0042214a
0x0042211b
0x0042211b
0x0042211f
0x00422127
0x00422128
0x0042212e
0x0042212e
0x004220d1
0x004220d4
0x004220d4
0x004220d7
0x004220f5
0x00422101
0x00422104
0x00422105
0x0042210b
0x004220d9
0x004220d9
0x004220dd
0x004220e5
0x004220e6
0x004220e7
0x004220ed
0x004220ed
0x00422111
0x004220ac
0x004220ac
0x004220b8
0x004220be
0x004220be
0x00422084
0x00422084
0x00422090
0x00422096
0x00422096
0x00422153
0x00422153
0x00422156
0x00000000
0x00000000
0x00000000
0x00422156
0x00000000
0x00000000
0x00000000
0x00422302
0x00422302
0x00422302
0x00422306
0x00000000
0x00000000
0x00000000
0x00422306
0x00000000
0x00000000
0x004218c1
0x004218c4
0x004218c7
0x00000000
0x00000000
0x004218cc
0x004218cf
0x004218d4
0x00000000
0x00000000
0x004218b6
0x004218b6
0x004218b9
0x004218bc
0x00000000
0x00000000
0x004218ab
0x004218ae
0x004218b1
0x00000000
0x00000000
0x004218d9
0x004218d9
0x004218dc
0x004218dc
0x004218df
0x00000000
0x00000000
0x004218e2
0x00000000
0x00000000
0x0042167e
0x00421680
0x0042168e
0x00421682
0x00421682
0x00421682
0x00421698
0x0042169e
0x004216ab
0x004216ad
0x004216b2
0x004216b4
0x004216b9
0x004216be
0x004216c0
0x004216c5
0x004216cb
0x004216cd
0x004216cd
0x004216cb
0x004216ce
0x004216d5
0x00000000
0x004216d7
0x004216dc
0x004216f8
0x00421700
0x0042170d
0x00421712
0x004225d1
0x004225de
0x004225de
0x004216d5
0x00421678
0x0042250d
0x0042250d
0x00422514
0x0042252b
0x0042252b
0x00422535
0x00422535
0x0042253b
0x00422541
0x00422548
0x0042254a
0x0042254f
0x00422551
0x00422556
0x0042255b
0x0042255d
0x00422562
0x00422565
0x00422568
0x0042256a
0x0042256a
0x00422568
0x0042256b
0x00422572
0x004225bd
0x004225c6
0x004225cb
0x00422574
0x00422579
0x00422595
0x0042259d
0x004225aa
0x004225af
0x004225af
0x00000000
0x00422572
0x00422516
0x00422516
0x0042251d
0x00000000
0x00000000
0x0042251f
0x0042251f
0x00000000
0x0042251f
0x00422302
0x004222d9
0x004222d9
0x004222dd
0x004222ea
0x004222ed
0x004222f0
0x004222f3
0x004222f6
0x004222f9
0x004222fc
0x004222fc
0x004222ff
0x00000000
0x004222ff
0x004222df
0x004222df
0x004222e2
0x004222e5
0x004222e8
0x00000000
0x00000000
0x00000000
0x004222e8
0x00422241
0x00422241
0x00422244
0x00422247
0x0042224e
0x00422255
0x0042225d
0x00422263
0x00422266
0x00422269
0x00422270
0x0042227c
0x00422282
0x00422288
0x0042228f
0x00422291
0x00422297
0x00422297
0x0042229d
0x0042229d
0x004222a3
0x004222a6
0x004222ac
0x004222b1
0x004222b4
0x00422223
0x00422223
0x00422229
0x0042222c
0x0042222f
0x00422231
0x00000000
0x00000000
0x00000000
0x00422231
0x00422223
0x00422163
0x00422163
0x0042216a
0x00000000
0x00000000
0x00000000
0x00422198
0x00422198
0x0042219e
0x004221a4
0x004221aa
0x00000000
0x004221aa
0x0042207a
0x00422031

APIs

_get_int64_arg.LIBCMTD ref: 00422088
__aullrem.LIBCMT ref: 00422255
__aulldiv.LIBCMT ref: 00422277

Strings

9, xrefs: 00422288
0, xrefs: 00422043
', xrefs: 00422027

Memory Dump Source

Source File: 00000000.00000002.254379313.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.254298173.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.254460883.0000000000427000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255654257.000000000060A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255687103.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255765961.0000000000635000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_mzQcZawXvh.jbxd

Similarity

API ID: __aulldiv__aullrem_get_int64_arg
String ID: '$0$9
API String ID: 3120068967-269856862
Opcode ID: 6b4c0f8f9fa620177895e8100de1f6ae1e322b9a31a70426aaa8af2f70567667
Instruction ID: e17a7b984f4f784ba8eb72905e97e8833cfe81279f486c5e3825be96e6f89982
Opcode Fuzzy Hash: 6b4c0f8f9fa620177895e8100de1f6ae1e322b9a31a70426aaa8af2f70567667
Instruction Fuzzy Hash: 0B41F4B1E05229EFDB24CF88DD89BAEB7B5BB44304F5481DAD408A7240C7799E81CF55

Uniqueness

Uniqueness Score: -1.00%

Function 00419050 Relevance: 9.1, APIs: 6, Instructions: 76
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 95%

			E00419050(void* __edx, void _a4) {
				long _v8;
				int _v12;
				signed int _v16;
				void _v24;
				signed int _t12;
				intOrPtr _t14;
				intOrPtr _t25;
				void* _t31;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t31 = __edx;
				_t12 =  *0x60a7a4; // 0x859ba81c
				_v16 = _t12 ^ _t35;
				if( *0x60b3ac == 0) {
					L12:
					if( *0x60b3ac != 0) {
						L16:
						_t14 = _a4;
					} else {
						_v12 = WideCharToMultiByte(GetConsoleOutputCP(), 0,  &_a4, 1,  &_v24, 5, 0, 0);
						if( *0x60b514 == 0xffffffff) {
							L15:
							_t14 = 0xffff;
						} else {
							_t31 =  *0x60b514; // 0xfffffffe
							if(WriteConsoleA(_t31,  &_v24, _v12,  &_v8, 0) != 0) {
								goto L16;
							} else {
								goto L15;
							}
						}
					}
				} else {
					if( *0x60b514 == 0xfffffffe) {
						E0041F0F0();
					}
					if( *0x60b514 != 0xffffffff) {
						_t31 =  *0x60b514; // 0xfffffffe
						if(WriteConsoleW(_t31,  &_a4, 1,  &_v8, 0) != 0) {
							 *0x60b3ac = 1;
							goto L12;
						} else {
							if( *0x60b3ac != 2 || GetLastError() != 0x78) {
								_t14 = 0xffff;
							} else {
								 *0x60b3ac = 0;
								goto L12;
							}
						}
					} else {
						_t14 = 0xffff;
					}
				}
				return E00416CA0(_t14, _t25, _v16 ^ _t35, _t31, _t33, _t34);
			}

0x00419050
0x00419058
0x0041905f
0x00419069
0x004190de
0x004190e5
0x00419138
0x00419138
0x004190e7
0x00419106
0x00419110
0x00419131
0x00419131
0x00419112
0x00419120
0x0041912f
0x00000000
0x00000000
0x00000000
0x00000000
0x0041912f
0x00419110
0x0041906b
0x00419072
0x00419074
0x00419074
0x00419080
0x0041909a
0x004190a9
0x004190d4
0x00000000
0x004190ab
0x004190b2
0x004190cb
0x004190bf
0x004190bf
0x00000000
0x004190d2
0x004190b2
0x00419082
0x00419082
0x00419082
0x00419080
0x00419149

APIs

___initconout.LIBCMTD ref: 00419074

Part of subcall function 0041F0F0: CreateFileA.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,?,00419079), ref: 0041F109

GetConsoleOutputCP.KERNEL32(00000000,?,00000001,00000000,00000005,00000000,00000000), ref: 004190F9
WideCharToMultiByte.KERNEL32(00000000), ref: 00419100
WriteConsoleA.KERNEL32(FFFFFFFE,00000000,?,?,00000000), ref: 00419127

Memory Dump Source

Source File: 00000000.00000002.254379313.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.254298173.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.254460883.0000000000427000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255654257.000000000060A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255687103.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255765961.0000000000635000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_mzQcZawXvh.jbxd

Similarity

API ID: Console$ByteCharCreateFileMultiOutputWideWrite___initconout
String ID:
API String ID: 3432720595-0
Opcode ID: 851ed247e91a578dd88bf636fdb2013bc44709bcbd625bc1d4c6775f3f848574
Instruction ID: bd71257c68542f1951d572b2ea078935f3f984140fb731142d712e4977d820f9
Opcode Fuzzy Hash: 851ed247e91a578dd88bf636fdb2013bc44709bcbd625bc1d4c6775f3f848574
Instruction Fuzzy Hash: D321D330540205EFDB20DF54DD58BEB37B5EB08320F60A26AE501962E0D7785EC5CF6A

Uniqueness

Uniqueness Score: -1.00%

Function 00424873 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 124
COMMON

Download Yara Rule

C-Code - Quality: 61%

			E00424873() {
				signed int _t104;
				void* _t119;
				void* _t122;
				void* _t130;
				signed int _t179;
				void* _t193;
				void* _t194;
				void* _t195;
				void* _t197;

				if(( *( *((intOrPtr*)(_t195 - 8)) + 0xc) & 0x00000001) == 0) {
					L5:
					 *( *((intOrPtr*)(_t195 - 8)) + 0xc) =  *( *((intOrPtr*)(_t195 - 8)) + 0xc) | 0x00000002;
					 *( *((intOrPtr*)(_t195 - 8)) + 0xc) =  *( *((intOrPtr*)(_t195 - 8)) + 0xc) & 0xffffffef;
					 *( *((intOrPtr*)(_t195 - 8)) + 4) = 0;
					 *(_t195 - 4) = 0;
					_t136 =  *(_t195 - 4);
					 *(_t195 - 0xc) =  *(_t195 - 4);
					if(( *( *((intOrPtr*)(_t195 - 8)) + 0xc) & 0x0000010c) != 0) {
						L10:
						if(( *( *((intOrPtr*)(_t195 - 8)) + 0xc) & 0x00000108) == 0) {
							 *(_t195 - 4) = 2;
							 *((short*)(_t195 - 0x14)) =  *(_t195 + 8) & 0x0000ffff;
							 *(_t195 - 0xc) = E0040ECD0( *(_t195 - 0x10),  *(_t195 - 0x10), _t195 - 0x14,  *(_t195 - 4));
							L25:
							if( *(_t195 - 0xc) ==  *(_t195 - 4)) {
								_t104 =  *(_t195 + 8) & 0x0000ffff;
							} else {
								 *( *((intOrPtr*)(_t195 - 8)) + 0xc) =  *( *((intOrPtr*)(_t195 - 8)) + 0xc) | 0x00000020;
								_t104 = 0xffff;
							}
							goto L28;
						}
						if( *((intOrPtr*)( *((intOrPtr*)(_t195 - 8)))) -  *((intOrPtr*)( *((intOrPtr*)(_t195 - 8)) + 8)) < 0) {
							_push(L"(\"inconsistent IOB fields\", stream->_ptr - stream->_base >= 0)");
							_push(0);
							_push(0xa0);
							_push(L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\_flsbuf.c");
							_push(2);
							_t119 = L0040E1A0();
							_t197 = _t197 + 0x14;
							if(_t119 == 1) {
								asm("int3");
							}
						}
						 *(_t195 - 4) =  *((intOrPtr*)( *((intOrPtr*)(_t195 - 8)))) -  *((intOrPtr*)( *((intOrPtr*)(_t195 - 8)) + 8));
						 *((intOrPtr*)( *((intOrPtr*)(_t195 - 8)))) =  *((intOrPtr*)( *((intOrPtr*)(_t195 - 8)) + 8)) + 2;
						 *( *((intOrPtr*)(_t195 - 8)) + 4) =  *((intOrPtr*)( *((intOrPtr*)(_t195 - 8)) + 0x18)) - 2;
						if( *(_t195 - 4) <= 0) {
							if( *(_t195 - 0x10) == 0xffffffff ||  *(_t195 - 0x10) == 0xfffffffe) {
								 *((intOrPtr*)(_t195 - 0x18)) = 0x60ac60;
							} else {
								 *((intOrPtr*)(_t195 - 0x18)) = (( *(_t195 - 0x10) & 0x0000001f) << 6) +  *((intOrPtr*)(0x633440 + ( *(_t195 - 0x10) >> 5) * 4));
							}
							_t68 =  *((intOrPtr*)(_t195 - 0x18)) + 4; // 0xa80
							_t152 =  *_t68 & 0x00000020;
							if(( *_t68 & 0x00000020) == 0) {
								goto L23;
							} else {
								_t179 =  *(_t195 - 0x10);
								 *(_t195 - 0x20) = E004194E0(_t152, _t179, _t179, 0, 0, 2);
								 *(_t195 - 0x1c) = _t179;
								if(( *(_t195 - 0x20) &  *(_t195 - 0x1c)) != 0xffffffff) {
									goto L23;
								}
								 *( *((intOrPtr*)(_t195 - 8)) + 0xc) =  *( *((intOrPtr*)(_t195 - 8)) + 0xc) | 0x00000020;
								_t104 = 0xffff;
								goto L28;
							}
						} else {
							 *(_t195 - 0xc) = E0040ECD0( *((intOrPtr*)(_t195 - 8)),  *(_t195 - 0x10),  *((intOrPtr*)( *((intOrPtr*)(_t195 - 8)) + 8)),  *(_t195 - 4));
							L23:
							 *((short*)( *((intOrPtr*)( *((intOrPtr*)(_t195 - 8)) + 8)))) =  *(_t195 + 8) & 0x0000ffff;
							goto L25;
						}
					}
					if( *((intOrPtr*)(_t195 - 8)) == E004109D0() + 0x20 ||  *((intOrPtr*)(_t195 - 8)) == E004109D0() + 0x40) {
						_t136 =  *(_t195 - 0x10);
						_t122 = E00419400(_t130,  *(_t195 - 0x10), _t193, _t194,  *(_t195 - 0x10));
						_t197 = _t197 + 4;
						if(_t122 != 0) {
							goto L10;
						}
						goto L9;
					} else {
						L9:
						E00419E10(_t136,  *((intOrPtr*)(_t195 - 8)));
						_t197 = _t197 + 4;
						goto L10;
					}
				} else {
					 *( *((intOrPtr*)(_t195 - 8)) + 4) = 0;
					if(( *( *((intOrPtr*)(_t195 - 8)) + 0xc) & 0x00000010) == 0) {
						 *( *((intOrPtr*)(_t195 - 8)) + 0xc) =  *( *((intOrPtr*)(_t195 - 8)) + 0xc) | 0x00000020;
						_t104 = 0xffff;
						L28:
						return _t104;
					}
					 *((intOrPtr*)( *((intOrPtr*)(_t195 - 8)))) =  *((intOrPtr*)( *((intOrPtr*)(_t195 - 8)) + 8));
					 *( *((intOrPtr*)(_t195 - 8)) + 0xc) =  *( *((intOrPtr*)(_t195 - 8)) + 0xc) & 0xfffffffe;
					goto L5;
				}
			}

0x004248ad
0x004248f9
0x00424905
0x00424914
0x0042491a
0x00424921
0x00424928
0x0042492b
0x00424939
0x00424971
0x0042497d
0x00424a85
0x00424a95
0x00424aad
0x00424ab0
0x00424ab6
0x00424ad1
0x00424ab8
0x00424ac4
0x00424ac7
0x00424ac7
0x00000000
0x00424ab6
0x0042498e
0x00424990
0x00424995
0x00424997
0x0042499c
0x004249a1
0x004249a3
0x004249a8
0x004249ae
0x004249b0
0x004249b0
0x004249ae
0x004249bc
0x004249cb
0x004249d9
0x004249e0
0x00424a02
0x00424a25
0x00424a0a
0x00424a20
0x00424a20
0x00424a2f
0x00424a33
0x00424a36
0x00000000
0x00424a38
0x00424a3e
0x00424a4a
0x00424a4d
0x00424a59
0x00000000
0x00000000
0x00424a67
0x00424a6a
0x00000000
0x00424a6a
0x004249e2
0x004249f9
0x00424a71
0x00424a80
0x00000000
0x00424a80
0x004249e0
0x00424946
0x00424955
0x00424959
0x0042495e
0x00424963
0x00000000
0x00000000
0x00000000
0x00424965
0x00424965
0x00424969
0x0042496e
0x00000000
0x0042496e
0x004248af
0x004248b2
0x004248c2
0x004248ec
0x004248ef
0x00424ad6
0x00424ad9
0x00424ad9
0x004248cd
0x004248db
0x00000000
0x004248db

APIs

__isatty.LIBCMTD ref: 00424959
__getbuf.LIBCMTD ref: 00424969
__write.LIBCMTD ref: 004249F1

Strings

f:\dd\vctools\crt_bld\self_x86\crt\src\_flsbuf.c, xrefs: 0042499C
("inconsistent IOB fields", stream->_ptr - stream->_base >= 0), xrefs: 00424990

Memory Dump Source

Source File: 00000000.00000002.254379313.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.254298173.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.254460883.0000000000427000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255654257.000000000060A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255687103.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255765961.0000000000635000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_mzQcZawXvh.jbxd

Similarity

API ID: __getbuf__isatty__write
String ID: ("inconsistent IOB fields", stream->_ptr - stream->_base >= 0)$f:\dd\vctools\crt_bld\self_x86\crt\src\_flsbuf.c
API String ID: 2861569966-4070537404
Opcode ID: 143be117e55a2cb583e1dfc100ce3569d1373143b1c53e0d2d26c7bc60b7eb62
Instruction ID: 3771cb71ff4f9f648e5b3ba1356e89e07134316de85d5563c5280ee8c7fd95ba
Opcode Fuzzy Hash: 143be117e55a2cb583e1dfc100ce3569d1373143b1c53e0d2d26c7bc60b7eb62
Instruction Fuzzy Hash: AD51E978B10218EFDB14CF98D491AAEFBB1FF88324F148299E4456B395D634EA81CF44

Uniqueness

Uniqueness Score: -1.00%

Function 00410F01 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 123
COMMON

Download Yara Rule

C-Code - Quality: 62%

			E00410F01() {
				signed int _t102;
				signed int _t104;
				signed int _t114;
				void* _t118;
				void* _t121;
				signed int _t126;
				void* _t129;
				signed int _t174;
				void* _t188;
				void* _t189;
				void* _t190;
				void* _t192;

				if(( *( *(_t190 - 8) + 0xc) & 0x00000001) == 0) {
					L5:
					 *( *(_t190 - 8) + 0xc) =  *( *(_t190 - 8) + 0xc) | 0x00000002;
					 *( *(_t190 - 8) + 0xc) =  *( *(_t190 - 8) + 0xc) & 0xffffffef;
					 *( *(_t190 - 8) + 4) = 0;
					 *(_t190 - 4) = 0;
					_t135 =  *(_t190 - 4);
					 *(_t190 - 0xc) =  *(_t190 - 4);
					if(( *( *(_t190 - 8) + 0xc) & 0x0000010c) != 0) {
						L10:
						if(( *( *(_t190 - 8) + 0xc) & 0x00000108) == 0) {
							 *(_t190 - 4) = 1;
							 *(_t190 - 0xc) = E0040ECD0( *(_t190 - 4),  *(_t190 - 0x10), _t190 + 8,  *(_t190 - 4));
							L25:
							if( *(_t190 - 0xc) ==  *(_t190 - 4)) {
								_t102 =  *(_t190 + 8) & 0x000000ff;
							} else {
								_t104 =  *( *(_t190 - 8) + 0xc) | 0x00000020;
								 *( *(_t190 - 8) + 0xc) = _t104;
								_t102 = _t104 | 0xffffffff;
							}
							goto L28;
						}
						if( *( *(_t190 - 8)) -  *((intOrPtr*)( *(_t190 - 8) + 8)) < 0) {
							_push(L"(\"inconsistent IOB fields\", stream->_ptr - stream->_base >= 0)");
							_push(0);
							_push(0xa0);
							_push(L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\_flsbuf.c");
							_push(2);
							_t118 = L0040E1A0();
							_t192 = _t192 + 0x14;
							if(_t118 == 1) {
								asm("int3");
							}
						}
						 *(_t190 - 4) =  *( *(_t190 - 8)) -  *((intOrPtr*)( *(_t190 - 8) + 8));
						 *( *(_t190 - 8)) =  *((intOrPtr*)( *(_t190 - 8) + 8)) + 1;
						 *( *(_t190 - 8) + 4) =  *((intOrPtr*)( *(_t190 - 8) + 0x18)) - 1;
						if( *(_t190 - 4) <= 0) {
							if( *(_t190 - 0x10) == 0xffffffff ||  *(_t190 - 0x10) == 0xfffffffe) {
								 *((intOrPtr*)(_t190 - 0x14)) = 0x60ac60;
							} else {
								 *((intOrPtr*)(_t190 - 0x14)) = (( *(_t190 - 0x10) & 0x0000001f) << 6) +  *((intOrPtr*)(0x633440 + ( *(_t190 - 0x10) >> 5) * 4));
							}
							_t68 =  *((intOrPtr*)(_t190 - 0x14)) + 4; // 0xa80
							_t149 =  *_t68 & 0x00000020;
							if(( *_t68 & 0x00000020) == 0) {
								goto L23;
							} else {
								_t174 =  *(_t190 - 0x10);
								 *(_t190 - 0x1c) = E004194E0(_t149, _t174, _t174, 0, 0, 2);
								 *(_t190 - 0x18) = _t174;
								if(( *(_t190 - 0x1c) &  *(_t190 - 0x18)) != 0xffffffff) {
									goto L23;
								}
								_t114 =  *(_t190 - 8);
								 *(_t114 + 0xc) =  *( *(_t190 - 8) + 0xc) | 0x00000020;
								_t102 = _t114 | 0xffffffff;
								goto L28;
							}
						} else {
							 *(_t190 - 0xc) = E0040ECD0( *(_t190 - 8),  *(_t190 - 0x10),  *((intOrPtr*)( *(_t190 - 8) + 8)),  *(_t190 - 4));
							L23:
							 *((char*)( *((intOrPtr*)( *(_t190 - 8) + 8)))) =  *(_t190 + 8);
							goto L25;
						}
					}
					if( *(_t190 - 8) == E004109D0() + 0x20 ||  *(_t190 - 8) == E004109D0() + 0x40) {
						_t135 =  *(_t190 - 0x10);
						_t121 = E00419400(_t129,  *(_t190 - 0x10), _t188, _t189,  *(_t190 - 0x10));
						_t192 = _t192 + 4;
						if(_t121 != 0) {
							goto L10;
						}
						goto L9;
					} else {
						L9:
						E00419E10(_t135,  *(_t190 - 8));
						_t192 = _t192 + 4;
						goto L10;
					}
				} else {
					 *( *(_t190 - 8) + 4) = 0;
					if(( *( *(_t190 - 8) + 0xc) & 0x00000010) == 0) {
						_t126 =  *(_t190 - 8);
						 *( *(_t190 - 8) + 0xc) =  *(_t126 + 0xc) | 0x00000020;
						_t102 = _t126 | 0xffffffff;
						L28:
						return _t102;
					}
					 *( *(_t190 - 8)) =  *((intOrPtr*)( *(_t190 - 8) + 8));
					 *( *(_t190 - 8) + 0xc) =  *( *(_t190 - 8) + 0xc) & 0xfffffffe;
					goto L5;
				}
			}

0x00410f39
0x00410f83
0x00410f8f
0x00410f9e
0x00410fa4
0x00410fab
0x00410fb2
0x00410fb5
0x00410fc3
0x00410ffb
0x00411007
0x00411106
0x00411121
0x00411124
0x0041112a
0x00411143
0x0041112c
0x00411132
0x00411138
0x0041113b
0x0041113b
0x00000000
0x0041112a
0x00411018
0x0041101a
0x0041101f
0x00411021
0x00411026
0x0041102b
0x0041102d
0x00411032
0x00411038
0x0041103a
0x0041103a
0x00411038
0x00411046
0x00411055
0x00411063
0x0041106a
0x0041108c
0x004110af
0x00411094
0x004110aa
0x004110aa
0x004110b9
0x004110bd
0x004110c0
0x00000000
0x004110c2
0x004110c8
0x004110d4
0x004110d7
0x004110e3
0x00000000
0x00000000
0x004110ee
0x004110f1
0x004110f4
0x00000000
0x004110f4
0x0041106c
0x00411083
0x004110f9
0x00411102
0x00000000
0x00411102
0x0041106a
0x00410fd0
0x00410fdf
0x00410fe3
0x00410fe8
0x00410fed
0x00000000
0x00000000
0x00000000
0x00410fef
0x00410fef
0x00410ff3
0x00410ff8
0x00000000
0x00410ff8
0x00410f3b
0x00410f3e
0x00410f4e
0x00410f6c
0x00410f78
0x00410f7b
0x00411148
0x0041114b
0x0041114b
0x00410f59
0x00410f67
0x00000000
0x00410f67

APIs

__isatty.LIBCMTD ref: 00410FE3
__getbuf.LIBCMTD ref: 00410FF3
__write.LIBCMTD ref: 0041107B

Strings

f:\dd\vctools\crt_bld\self_x86\crt\src\_flsbuf.c, xrefs: 00411026
("inconsistent IOB fields", stream->_ptr - stream->_base >= 0), xrefs: 0041101A

Memory Dump Source

Source File: 00000000.00000002.254379313.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.254298173.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.254460883.0000000000427000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255654257.000000000060A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255687103.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255765961.0000000000635000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_mzQcZawXvh.jbxd

Similarity

API ID: __getbuf__isatty__write
String ID: ("inconsistent IOB fields", stream->_ptr - stream->_base >= 0)$f:\dd\vctools\crt_bld\self_x86\crt\src\_flsbuf.c
API String ID: 2861569966-4070537404
Opcode ID: d52142aec03c6b3a91e03f9bd270b10fb2d10dbcbe227ccb2e527b98531a6110
Instruction ID: 2c130a109d115f38042a12a2f461c5b9ce17d0b30de7be35641cc070e499371d
Opcode Fuzzy Hash: d52142aec03c6b3a91e03f9bd270b10fb2d10dbcbe227ccb2e527b98531a6110
Instruction Fuzzy Hash: 0E51D975A00208AFDB14CF94C491AADFB71EF88324F14829AE5456B396D675EAC2CB44

Uniqueness

Uniqueness Score: -1.00%

Function 00422014 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 106
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E00422014(intOrPtr __ebx, intOrPtr __edi, intOrPtr __esi) {
				signed int _t499;
				void* _t504;
				signed int _t506;
				void* _t526;
				intOrPtr _t528;
				signed int _t536;
				intOrPtr _t555;
				intOrPtr _t556;
				signed int _t557;
				void* _t559;

				L0:
				while(1) {
					L0:
					_t556 = __esi;
					_t555 = __edi;
					_t528 = __ebx;
					 *(_t557 - 0x30) = 8;
					while(1) {
						L146:
						 *(__ebp - 0x260) = 7;
						while(1) {
							L148:
							 *(__ebp - 8) = 0x10;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000080;
							__eflags =  *(__ebp - 0x10) & 0x00000080;
							if(( *(__ebp - 0x10) & 0x00000080) != 0) {
								 *(__ebp - 0x14) = 0x30;
								 *(__ebp - 0x260) =  *(__ebp - 0x260) + 0x51;
								__eflags =  *(__ebp - 0x260) + 0x51;
								 *((char*)(__ebp - 0x13)) = __al;
								 *(__ebp - 0x1c) = 2;
							}
							while(1) {
								L153:
								 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00008000;
								__eflags =  *(__ebp - 0x10) & 0x00008000;
								if(( *(__ebp - 0x10) & 0x00008000) == 0) {
									 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00001000;
									__eflags =  *(__ebp - 0x10) & 0x00001000;
									if(( *(__ebp - 0x10) & 0x00001000) == 0) {
										 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000020;
										__eflags =  *(__ebp - 0x10) & 0x00000020;
										if(( *(__ebp - 0x10) & 0x00000020) == 0) {
											 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000040;
											__eflags =  *(__ebp - 0x10) & 0x00000040;
											if(( *(__ebp - 0x10) & 0x00000040) == 0) {
												__ecx = __ebp + 0x14;
												__eax = E0041C290(__ebp + 0x14);
												__edx = 0;
												__eflags = 0;
												 *(__ebp - 0x2b8) = __eax;
												 *(__ebp - 0x2b4) = 0;
											} else {
												__eax = __ebp + 0x14;
												__eax = E0041C290(__ebp + 0x14);
												asm("cdq");
												 *(__ebp - 0x2b8) = __eax;
												 *(__ebp - 0x2b4) = __edx;
											}
										} else {
											 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000040;
											__eflags =  *(__ebp - 0x10) & 0x00000040;
											if(( *(__ebp - 0x10) & 0x00000040) == 0) {
												__ecx = __ebp + 0x14;
												E0041C290(__ebp + 0x14) = __ax & 0x0000ffff;
												asm("cdq");
												 *(__ebp - 0x2b8) = __ax & 0x0000ffff;
												 *(__ebp - 0x2b4) = __edx;
											} else {
												__eax = __ebp + 0x14;
												__eax = E0041C290(__ebp + 0x14);
												__ax = __eax;
												asm("cdq");
												 *(__ebp - 0x2b8) = __eax;
												 *(__ebp - 0x2b4) = __edx;
											}
										}
									} else {
										__eax = __ebp + 0x14;
										 *(__ebp - 0x2b8) = E0041C2B0(__ebp + 0x14);
										 *(__ebp - 0x2b4) = __edx;
									}
								} else {
									__ecx = __ebp + 0x14;
									 *(__ebp - 0x2b8) = E0041C2B0(__ebp + 0x14);
									 *(__ebp - 0x2b4) = __edx;
								}
								 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000040;
								__eflags =  *(__ebp - 0x10) & 0x00000040;
								if(( *(__ebp - 0x10) & 0x00000040) == 0) {
									goto L170;
								}
								L166:
								__eflags =  *(__ebp - 0x2b4);
								if(__eflags > 0) {
									goto L170;
								}
								L167:
								if(__eflags < 0) {
									L169:
									 *(__ebp - 0x2b8) =  ~( *(__ebp - 0x2b8));
									__edx =  *(__ebp - 0x2b4);
									asm("adc edx, 0x0");
									__edx =  ~( *(__ebp - 0x2b4));
									 *(__ebp - 0x2c0) =  ~( *(__ebp - 0x2b8));
									 *(__ebp - 0x2bc) =  ~( *(__ebp - 0x2b4));
									 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000100;
									 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000100;
									L171:
									 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00008000;
									__eflags =  *(__ebp - 0x10) & 0x00008000;
									if(( *(__ebp - 0x10) & 0x00008000) == 0) {
										 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00001000;
										__eflags =  *(__ebp - 0x10) & 0x00001000;
										if(( *(__ebp - 0x10) & 0x00001000) == 0) {
											__edx =  *(__ebp - 0x2c0);
											__eax =  *(__ebp - 0x2bc);
											__eax =  *(__ebp - 0x2bc) & 0x00000000;
											__eflags = __eax;
											 *(__ebp - 0x2bc) = __eax;
										}
									}
									__eflags =  *(__ebp - 0x30);
									if( *(__ebp - 0x30) >= 0) {
										 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0xfffffff7;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0xfffffff7;
										__eflags =  *(__ebp - 0x30) - 0x200;
										if( *(__ebp - 0x30) > 0x200) {
											 *(__ebp - 0x30) = 0x200;
										}
									} else {
										 *(__ebp - 0x30) = 1;
									}
									 *(__ebp - 0x2c0) =  *(__ebp - 0x2c0) |  *(__ebp - 0x2bc);
									__eflags =  *(__ebp - 0x2c0) |  *(__ebp - 0x2bc);
									if(( *(__ebp - 0x2c0) |  *(__ebp - 0x2bc)) == 0) {
										 *(__ebp - 0x1c) = 0;
									}
									__eax = __ebp - 0x49;
									 *(__ebp - 4) = __ebp - 0x49;
									while(1) {
										L181:
										__ecx =  *(__ebp - 0x30);
										 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
										 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
										__eflags =  *(__ebp - 0x30);
										if( *(__ebp - 0x30) > 0) {
											goto L183;
										}
										L182:
										 *(__ebp - 0x2c0) =  *(__ebp - 0x2c0) |  *(__ebp - 0x2bc);
										__eflags =  *(__ebp - 0x2c0) |  *(__ebp - 0x2bc);
										if(( *(__ebp - 0x2c0) |  *(__ebp - 0x2bc)) == 0) {
											L186:
											__ebp - 0x49 = __ebp - 0x49 -  *(__ebp - 4);
											 *(__ebp - 0x24) = __ebp - 0x49 -  *(__ebp - 4);
											__ecx =  *(__ebp - 4);
											__ecx =  *(__ebp - 4) + 1;
											 *(__ebp - 4) = __ecx;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000200;
											__eflags =  *(__ebp - 0x10) & 0x00000200;
											if(( *(__ebp - 0x10) & 0x00000200) == 0) {
												while(1) {
													L190:
													__eflags =  *(__ebp - 0x28);
													if( *(__ebp - 0x28) != 0) {
														goto L216;
													}
													L191:
													 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000040;
													__eflags =  *(__ebp - 0x10) & 0x00000040;
													if(( *(__ebp - 0x10) & 0x00000040) != 0) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000100;
														__eflags =  *(__ebp - 0x10) & 0x00000100;
														if(( *(__ebp - 0x10) & 0x00000100) == 0) {
															 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000001;
															__eflags =  *(__ebp - 0x10) & 0x00000001;
															if(( *(__ebp - 0x10) & 0x00000001) == 0) {
																 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000002;
																__eflags =  *(__ebp - 0x10) & 0x00000002;
																if(( *(__ebp - 0x10) & 0x00000002) != 0) {
																	 *(__ebp - 0x14) = 0x20;
																	 *(__ebp - 0x1c) = 1;
																}
															} else {
																 *(__ebp - 0x14) = 0x2b;
																 *(__ebp - 0x1c) = 1;
															}
														} else {
															 *(__ebp - 0x14) = 0x2d;
															 *(__ebp - 0x1c) = 1;
														}
													}
													 *(__ebp - 0x18) =  *(__ebp - 0x18) -  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x18) -  *(__ebp - 0x24) -  *(__ebp - 0x1c);
													 *(__ebp - 0x2c4) =  *(__ebp - 0x18) -  *(__ebp - 0x24) -  *(__ebp - 0x1c);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x0000000c;
													__eflags =  *(__ebp - 0x10) & 0x0000000c;
													if(( *(__ebp - 0x10) & 0x0000000c) == 0) {
														__edx = __ebp - 0x24c;
														__eax =  *(__ebp + 8);
														__ecx =  *(__ebp - 0x2c4);
														__eax = E00422790(0x20,  *(__ebp - 0x2c4),  *(__ebp + 8), __ebp - 0x24c);
													}
													__edx = __ebp - 0x24c;
													__eax =  *(__ebp + 8);
													__ecx =  *(__ebp - 0x1c);
													__edx = __ebp - 0x14;
													E004227D0( *(__ebp - 0x1c), __ebp - 0x14,  *(__ebp - 0x1c),  *(__ebp + 8), __ebp - 0x24c) =  *(__ebp - 0x10);
													__eax =  *(__ebp - 0x10) & 0x00000008;
													__eflags =  *(__ebp - 0x10) & 0x00000008;
													if(( *(__ebp - 0x10) & 0x00000008) != 0) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000004;
														__eflags =  *(__ebp - 0x10) & 0x00000004;
														if(( *(__ebp - 0x10) & 0x00000004) == 0) {
															__edx = __ebp - 0x24c;
															__eax =  *(__ebp + 8);
															__ecx =  *(__ebp - 0x2c4);
															__eax = E00422790(0x30,  *(__ebp - 0x2c4),  *(__ebp + 8), __ebp - 0x24c);
														}
													}
													__eflags =  *(__ebp - 0xc);
													if( *(__ebp - 0xc) == 0) {
														L212:
														__ecx = __ebp - 0x24c;
														__edx =  *(__ebp + 8);
														__eax =  *(__ebp - 0x24);
														__ecx =  *(__ebp - 4);
														__eax = E004227D0(__ecx, __ecx,  *(__ebp - 0x24),  *(__ebp + 8), __ebp - 0x24c);
														goto L213;
													} else {
														L204:
														__eflags =  *(__ebp - 0x24);
														if( *(__ebp - 0x24) <= 0) {
															goto L212;
														}
														L205:
														 *(__ebp - 0x2dc) = 0;
														__edx =  *(__ebp - 4);
														 *(__ebp - 0x2c8) =  *(__ebp - 4);
														__eax =  *(__ebp - 0x24);
														 *(__ebp - 0x2cc) =  *(__ebp - 0x24);
														while(1) {
															L206:
															__ecx =  *(__ebp - 0x2cc);
															 *(__ebp - 0x2cc) =  *(__ebp - 0x2cc) - 1;
															 *(__ebp - 0x2cc) =  *(__ebp - 0x2cc) - 1;
															__eflags = __ecx;
															if(__ecx == 0) {
																break;
															}
															L207:
															__eax =  *(__ebp - 0x2c8);
															 *(__ebp - 0x32e) =  *( *(__ebp - 0x2c8));
															__edx =  *(__ebp - 0x32e) & 0x0000ffff;
															__eax = __ebp - 0x2d8;
															__ecx = __ebp - 0x2d0;
															 *(__ebp - 0x2dc) = E004212A0(__ebp - 0x2d0, __ebp - 0x2d8, 6,  *(__ebp - 0x32e) & 0x0000ffff);
															 *(__ebp - 0x2c8) =  *(__ebp - 0x2c8) + 2;
															 *(__ebp - 0x2c8) =  *(__ebp - 0x2c8) + 2;
															__eflags =  *(__ebp - 0x2dc);
															if( *(__ebp - 0x2dc) != 0) {
																L209:
																 *(__ebp - 0x24c) = 0xffffffff;
																break;
															}
															L208:
															__eflags =  *(__ebp - 0x2d0);
															if( *(__ebp - 0x2d0) != 0) {
																L210:
																__eax = __ebp - 0x24c;
																__ecx =  *(__ebp + 8);
																__edx =  *(__ebp - 0x2d0);
																__ebp - 0x2d8 = E004227D0( *(__ebp + 8), __ebp - 0x2d8,  *(__ebp - 0x2d0),  *(__ebp + 8), __ebp - 0x24c);
																continue;
															}
															goto L209;
														}
														L211:
														L213:
														__eflags =  *(__ebp - 0x24c);
														if( *(__ebp - 0x24c) >= 0) {
															 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000004;
															__eflags =  *(__ebp - 0x10) & 0x00000004;
															if(( *(__ebp - 0x10) & 0x00000004) != 0) {
																__eax = __ebp - 0x24c;
																__ecx =  *(__ebp + 8);
																__edx =  *(__ebp - 0x2c4);
																__eax = E00422790(0x20,  *(__ebp - 0x2c4),  *(__ebp + 8), __ebp - 0x24c);
															}
														}
													}
													L216:
													__eflags =  *(__ebp - 0x20);
													if( *(__ebp - 0x20) != 0) {
														 *(__ebp - 0x20) = L0040C240( *(__ebp - 0x20), 2);
														 *(__ebp - 0x20) = 0;
													}
													while(1) {
														L218:
														 *(_t557 - 0x251) =  *( *(_t557 + 0xc));
														_t547 =  *(_t557 - 0x251);
														 *(_t557 + 0xc) =  *(_t557 + 0xc) + 1;
														if( *(_t557 - 0x251) == 0 ||  *(_t557 - 0x24c) < 0) {
															break;
														} else {
															if( *(_t557 - 0x251) < 0x20 ||  *(_t557 - 0x251) > 0x78) {
																 *(_t557 - 0x310) = 0;
															} else {
																 *(_t557 - 0x310) =  *( *(_t557 - 0x251) + L"pecifier\", 0)") & 0xf;
															}
														}
														L7:
														 *(_t557 - 0x250) =  *(_t557 - 0x310);
														_t506 =  *(_t557 - 0x250) * 9;
														_t536 =  *(_t557 - 0x25c);
														_t547 = ( *(_t506 + _t536 + 0x4083d0) & 0x000000ff) >> 4;
														 *(_t557 - 0x25c) = ( *(_t506 + _t536 + 0x4083d0) & 0x000000ff) >> 4;
														if( *(_t557 - 0x25c) != 8) {
															L16:
															 *(_t557 - 0x318) =  *(_t557 - 0x25c);
															__eflags =  *(_t557 - 0x318) - 7;
															if( *(_t557 - 0x318) > 7) {
																continue;
															}
															L17:
															switch( *((intOrPtr*)( *(_t557 - 0x318) * 4 +  &M004225E0))) {
																case 0:
																	L18:
																	 *(_t557 - 0xc) = 0;
																	_t509 = E00419390( *(_t557 - 0x251) & 0x000000ff, E0040D3B0(_t557 - 0x40));
																	_t562 = _t559 + 8;
																	__eflags = _t509;
																	if(_t509 == 0) {
																		L24:
																		E004226F0( *(_t557 - 0x251) & 0x000000ff,  *(_t557 - 0x251) & 0x000000ff,  *((intOrPtr*)(_t557 + 8)), _t557 - 0x24c);
																		_t559 = _t562 + 0xc;
																		goto L218;
																	} else {
																		E004226F0( *((intOrPtr*)(_t557 + 8)),  *(_t557 - 0x251) & 0x000000ff,  *((intOrPtr*)(_t557 + 8)), _t557 - 0x24c);
																		_t562 = _t562 + 0xc;
																		_t541 =  *( *(_t557 + 0xc));
																		 *(_t557 - 0x251) =  *( *(_t557 + 0xc));
																		_t547 =  *(_t557 + 0xc) + 1;
																		__eflags = _t547;
																		 *(_t557 + 0xc) = _t547;
																		asm("sbb eax, eax");
																		 *(_t557 - 0x27c) =  ~( ~( *(_t557 - 0x251)));
																		if(_t547 == 0) {
																			_push(L"(ch != _T(\'\\0\'))");
																			_push(0);
																			_push(0x486);
																			_push(L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c");
																			_push(2);
																			_t521 = L0040E1A0();
																			_t562 = _t562 + 0x14;
																			__eflags = _t521 - 1;
																			if(_t521 == 1) {
																				asm("int3");
																			}
																		}
																		L22:
																		__eflags =  *(_t557 - 0x27c);
																		if( *(_t557 - 0x27c) != 0) {
																			goto L24;
																		} else {
																			 *((intOrPtr*)(L0040EC70(_t541))) = 0x16;
																			E00411A50(_t528, _t541, _t555, _t556, L"(ch != _T(\'\\0\'))", L"_output_s_l", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c", 0x486, 0);
																			 *(_t557 - 0x2f4) = 0xffffffff;
																			E0040D380(_t557 - 0x40);
																			_t499 =  *(_t557 - 0x2f4);
																			goto L229;
																		}
																	}
																case 1:
																	L25:
																	 *(__ebp - 0x2c) = 0;
																	__edx =  *(__ebp - 0x2c);
																	 *(__ebp - 0x28) =  *(__ebp - 0x2c);
																	__eax =  *(__ebp - 0x28);
																	 *(__ebp - 0x18) =  *(__ebp - 0x28);
																	__ecx =  *(__ebp - 0x18);
																	 *(__ebp - 0x1c) = __ecx;
																	 *(__ebp - 0x10) = 0;
																	 *(__ebp - 0x30) = 0xffffffff;
																	 *(__ebp - 0xc) = 0;
																	goto L218;
																case 2:
																	L26:
																	__edx =  *((char*)(__ebp - 0x251));
																	 *(__ebp - 0x31c) =  *((char*)(__ebp - 0x251));
																	 *(__ebp - 0x31c) =  *(__ebp - 0x31c) - 0x20;
																	 *(__ebp - 0x31c) =  *(__ebp - 0x31c) - 0x20;
																	__eflags =  *(__ebp - 0x31c) - 0x10;
																	if( *(__ebp - 0x31c) > 0x10) {
																		goto L33;
																	}
																	L27:
																	__ecx =  *(__ebp - 0x31c);
																	_t72 = __ecx + 0x422618; // 0x498d04
																	__edx =  *_t72 & 0x000000ff;
																	switch( *((intOrPtr*)(( *_t72 & 0x000000ff) * 4 +  &M00422600))) {
																		case 0:
																			goto L30;
																		case 1:
																			goto L31;
																		case 2:
																			goto L29;
																		case 3:
																			goto L28;
																		case 4:
																			goto L32;
																		case 5:
																			goto L33;
																	}
																case 3:
																	L34:
																	__edx =  *((char*)(__ebp - 0x251));
																	__eflags =  *((char*)(__ebp - 0x251)) - 0x2a;
																	if( *((char*)(__ebp - 0x251)) != 0x2a) {
																		__eax =  *(__ebp - 0x18);
																		__eax =  *(__ebp - 0x18) * 0xa;
																		__eflags = __eax;
																		__ecx =  *((char*)(__ebp - 0x251));
																		_t96 = __ecx - 0x30; // -48
																		__edx = __eax + _t96;
																		 *(__ebp - 0x18) = __eax + _t96;
																	} else {
																		__eax = __ebp + 0x14;
																		 *(__ebp - 0x18) = E0041C290(__ebp + 0x14);
																		__eflags =  *(__ebp - 0x18);
																		if( *(__ebp - 0x18) < 0) {
																			__ecx =  *(__ebp - 0x10);
																			__ecx =  *(__ebp - 0x10) | 0x00000004;
																			__eflags = __ecx;
																			 *(__ebp - 0x10) = __ecx;
																			 *(__ebp - 0x18) =  ~( *(__ebp - 0x18));
																			 *(__ebp - 0x18) =  ~( *(__ebp - 0x18));
																		}
																	}
																	goto L218;
																case 4:
																	L40:
																	 *(__ebp - 0x30) = 0;
																	goto L218;
																case 5:
																	L41:
																	__eax =  *((char*)(__ebp - 0x251));
																	__eflags =  *((char*)(__ebp - 0x251)) - 0x2a;
																	if( *((char*)(__ebp - 0x251)) != 0x2a) {
																		__edx =  *(__ebp - 0x30);
																		__edx =  *(__ebp - 0x30) * 0xa;
																		__eflags = __edx;
																		_t107 =  *((char*)(__ebp - 0x251)) - 0x30; // -48
																		__ecx = __edx + _t107;
																		 *(__ebp - 0x30) = __ecx;
																	} else {
																		__ecx = __ebp + 0x14;
																		 *(__ebp - 0x30) = E0041C290(__ebp + 0x14);
																		__eflags =  *(__ebp - 0x30);
																		if( *(__ebp - 0x30) < 0) {
																			 *(__ebp - 0x30) = 0xffffffff;
																		}
																	}
																	goto L218;
																case 6:
																	L47:
																	__edx =  *((char*)(__ebp - 0x251));
																	 *(__ebp - 0x320) =  *((char*)(__ebp - 0x251));
																	 *(__ebp - 0x320) =  *(__ebp - 0x320) - 0x49;
																	 *(__ebp - 0x320) =  *(__ebp - 0x320) - 0x49;
																	__eflags =  *(__ebp - 0x320) - 0x2e;
																	if( *(__ebp - 0x320) > 0x2e) {
																		L70:
																		goto L218;
																	}
																	L48:
																	__ecx =  *(__ebp - 0x320);
																	_t115 = __ecx + 0x422640; // 0x1e4e9003
																	__edx =  *_t115 & 0x000000ff;
																	switch( *((intOrPtr*)(( *_t115 & 0x000000ff) * 4 +  &M0042262C))) {
																		case 0:
																			L53:
																			__edx =  *(__ebp + 0xc);
																			__eax =  *( *(__ebp + 0xc));
																			__eflags =  *( *(__ebp + 0xc)) - 0x36;
																			if( *( *(__ebp + 0xc)) != 0x36) {
																				L56:
																				__edx =  *(__ebp + 0xc);
																				__eax =  *( *(__ebp + 0xc));
																				__eflags =  *( *(__ebp + 0xc)) - 0x33;
																				if( *( *(__ebp + 0xc)) != 0x33) {
																					L59:
																					__edx =  *(__ebp + 0xc);
																					__eax =  *( *(__ebp + 0xc));
																					__eflags =  *( *(__ebp + 0xc)) - 0x64;
																					if( *( *(__ebp + 0xc)) == 0x64) {
																						L65:
																						L67:
																						goto L70;
																					}
																					L60:
																					__ecx =  *(__ebp + 0xc);
																					__edx =  *__ecx;
																					__eflags =  *__ecx - 0x69;
																					if( *__ecx == 0x69) {
																						goto L65;
																					}
																					L61:
																					__eax =  *(__ebp + 0xc);
																					__ecx =  *( *(__ebp + 0xc));
																					__eflags = __ecx - 0x6f;
																					if(__ecx == 0x6f) {
																						goto L65;
																					}
																					L62:
																					__edx =  *(__ebp + 0xc);
																					__eax =  *( *(__ebp + 0xc));
																					__eflags =  *( *(__ebp + 0xc)) - 0x75;
																					if( *( *(__ebp + 0xc)) == 0x75) {
																						goto L65;
																					}
																					L63:
																					__ecx =  *(__ebp + 0xc);
																					__edx =  *__ecx;
																					__eflags =  *__ecx - 0x78;
																					if( *__ecx == 0x78) {
																						goto L65;
																					}
																					L64:
																					__eax =  *(__ebp + 0xc);
																					__ecx =  *( *(__ebp + 0xc));
																					__eflags = __ecx - 0x58;
																					if(__ecx != 0x58) {
																						 *(__ebp - 0x25c) = 0;
																						goto L18;
																					}
																					goto L65;
																				}
																				L57:
																				__ecx =  *(__ebp + 0xc);
																				__edx =  *((char*)(__ecx + 1));
																				__eflags =  *((char*)(__ecx + 1)) - 0x32;
																				if( *((char*)(__ecx + 1)) != 0x32) {
																					goto L59;
																				} else {
																					 *(__ebp + 0xc) =  *(__ebp + 0xc) + 2;
																					 *(__ebp + 0xc) =  *(__ebp + 0xc) + 2;
																					__ecx =  *(__ebp - 0x10);
																					__ecx =  *(__ebp - 0x10) & 0xffff7fff;
																					 *(__ebp - 0x10) = __ecx;
																					goto L67;
																				}
																			}
																			L54:
																			__ecx =  *(__ebp + 0xc);
																			__edx =  *((char*)(__ecx + 1));
																			__eflags =  *((char*)(__ecx + 1)) - 0x34;
																			if( *((char*)(__ecx + 1)) != 0x34) {
																				goto L56;
																			} else {
																				 *(__ebp + 0xc) =  *(__ebp + 0xc) + 2;
																				 *(__ebp + 0xc) =  *(__ebp + 0xc) + 2;
																				__ecx =  *(__ebp - 0x10);
																				__ecx =  *(__ebp - 0x10) | 0x00008000;
																				 *(__ebp - 0x10) = __ecx;
																				goto L67;
																			}
																		case 1:
																			L68:
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000020;
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000020;
																			goto L70;
																		case 2:
																			L49:
																			__eax =  *(__ebp + 0xc);
																			__ecx =  *( *(__ebp + 0xc));
																			__eflags = __ecx - 0x6c;
																			if(__ecx != 0x6c) {
																				__ecx =  *(__ebp - 0x10);
																				__ecx =  *(__ebp - 0x10) | 0x00000010;
																				__eflags = __ecx;
																				 *(__ebp - 0x10) = __ecx;
																			} else {
																				 *(__ebp + 0xc) =  *(__ebp + 0xc) + 1;
																				 *(__ebp + 0xc) =  *(__ebp + 0xc) + 1;
																				 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00001000;
																				 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00001000;
																			}
																			goto L70;
																		case 3:
																			L69:
																			__eax =  *(__ebp - 0x10);
																			__eax =  *(__ebp - 0x10) | 0x00000800;
																			__eflags = __eax;
																			 *(__ebp - 0x10) = __eax;
																			goto L70;
																		case 4:
																			goto L70;
																	}
																case 7:
																	L71:
																	__ecx =  *((char*)(__ebp - 0x251));
																	 *(__ebp - 0x324) = __ecx;
																	 *(__ebp - 0x324) =  *(__ebp - 0x324) - 0x41;
																	 *(__ebp - 0x324) =  *(__ebp - 0x324) - 0x41;
																	__eflags =  *(__ebp - 0x324) - 0x37;
																	if( *(__ebp - 0x324) > 0x37) {
																		while(1) {
																			L190:
																			__eflags =  *(__ebp - 0x28);
																			if( *(__ebp - 0x28) != 0) {
																				goto L216;
																			}
																			goto L191;
																		}
																	}
																	L72:
																	_t156 =  *(__ebp - 0x324) + 0x4226ac; // 0xcccccc0d
																	__ecx =  *_t156 & 0x000000ff;
																	switch( *((intOrPtr*)(__ecx * 4 +  &M00422670))) {
																		case 0:
																			L123:
																			 *(__ebp - 0x2c) = 1;
																			__ecx =  *((char*)(__ebp - 0x251));
																			__ecx =  *((char*)(__ebp - 0x251)) + 0x20;
																			__eflags = __ecx;
																			 *((char*)(__ebp - 0x251)) = __cl;
																			goto L124;
																		case 1:
																			L73:
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000830;
																			__eflags =  *(__ebp - 0x10) & 0x00000830;
																			if(( *(__ebp - 0x10) & 0x00000830) == 0) {
																				__eax =  *(__ebp - 0x10);
																				__eax =  *(__ebp - 0x10) | 0x00000800;
																				__eflags = __eax;
																				 *(__ebp - 0x10) = __eax;
																			}
																			goto L75;
																		case 2:
																			L88:
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000830;
																			__eflags =  *(__ebp - 0x10) & 0x00000830;
																			if(( *(__ebp - 0x10) & 0x00000830) == 0) {
																				__ecx =  *(__ebp - 0x10);
																				__ecx =  *(__ebp - 0x10) | 0x00000800;
																				__eflags = __ecx;
																				 *(__ebp - 0x10) = __ecx;
																			}
																			goto L90;
																		case 3:
																			L146:
																			 *(__ebp - 0x260) = 7;
																			goto L148;
																		case 4:
																			L81:
																			__eax = __ebp + 0x14;
																			 *(__ebp - 0x288) = E0041C290(__ebp + 0x14);
																			__eflags =  *(__ebp - 0x288);
																			if( *(__ebp - 0x288) == 0) {
																				L83:
																				__edx =  *0x60b4f0; // 0x407424
																				 *(__ebp - 4) = __edx;
																				__eax =  *(__ebp - 4);
																				 *(__ebp - 0x24) = E0040DC40( *(__ebp - 4));
																				L87:
																				goto L190;
																			}
																			L82:
																			__ecx =  *(__ebp - 0x288);
																			__eflags =  *(__ecx + 4);
																			if( *(__ecx + 4) != 0) {
																				L84:
																				 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000800;
																				__eflags =  *(__ebp - 0x10) & 0x00000800;
																				if(( *(__ebp - 0x10) & 0x00000800) == 0) {
																					 *(__ebp - 0xc) = 0;
																					__edx =  *(__ebp - 0x288);
																					__eax =  *(__edx + 4);
																					 *(__ebp - 4) =  *(__edx + 4);
																					__ecx =  *(__ebp - 0x288);
																					__edx =  *__ecx;
																					 *(__ebp - 0x24) =  *__ecx;
																				} else {
																					__edx =  *(__ebp - 0x288);
																					__eax =  *(__edx + 4);
																					 *(__ebp - 4) =  *(__edx + 4);
																					__ecx =  *(__ebp - 0x288);
																					__eax =  *__ecx;
																					asm("cdq");
																					 *__ecx - __edx =  *__ecx - __edx >> 1;
																					 *(__ebp - 0x24) =  *__ecx - __edx >> 1;
																					 *(__ebp - 0xc) = 1;
																				}
																				goto L87;
																			}
																			goto L83;
																		case 5:
																			L124:
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000040;
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000040;
																			__eax = __ebp - 0x248;
																			 *(__ebp - 4) = __ebp - 0x248;
																			 *(__ebp - 0x44) = 0x200;
																			__eflags =  *(__ebp - 0x30);
																			if( *(__ebp - 0x30) >= 0) {
																				L126:
																				__eflags =  *(__ebp - 0x30);
																				if( *(__ebp - 0x30) != 0) {
																					L129:
																					__eflags =  *(__ebp - 0x30) - 0x200;
																					if( *(__ebp - 0x30) > 0x200) {
																						 *(__ebp - 0x30) = 0x200;
																					}
																					L131:
																					__eflags =  *(__ebp - 0x30) - 0xa3;
																					if( *(__ebp - 0x30) > 0xa3) {
																						 *(__ebp - 0x30) =  *(__ebp - 0x30) + 0x15d;
																						 *(__ebp - 0x20) = L0040B5C0(__ecx,  *(__ebp - 0x30) + 0x15d, 2, "f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c", 0x6da);
																						__eflags =  *(__ebp - 0x20);
																						if( *(__ebp - 0x20) == 0) {
																							 *(__ebp - 0x30) = 0xa3;
																						} else {
																							__eax =  *(__ebp - 0x20);
																							 *(__ebp - 4) =  *(__ebp - 0x20);
																							 *(__ebp - 0x30) =  *(__ebp - 0x30) + 0x15d;
																							 *(__ebp - 0x44) =  *(__ebp - 0x30) + 0x15d;
																						}
																					}
																					 *(__ebp + 0x14) =  *(__ebp + 0x14) + 8;
																					 *(__ebp + 0x14) =  *(__ebp + 0x14) + 8;
																					__eax =  *(__ebp + 0x14);
																					__ecx =  *(__eax - 8);
																					__edx =  *(__eax - 4);
																					 *(__ebp - 0x2a8) =  *(__eax - 8);
																					 *(__ebp - 0x2a4) =  *(__eax - 4);
																					__ecx = __ebp - 0x40;
																					_push(E0040D3B0(__ebp - 0x40));
																					__eax =  *(__ebp - 0x2c);
																					_push( *(__ebp - 0x2c));
																					__ecx =  *(__ebp - 0x30);
																					_push( *(__ebp - 0x30));
																					__edx =  *((char*)(__ebp - 0x251));
																					_push( *((char*)(__ebp - 0x251)));
																					__eax =  *(__ebp - 0x44);
																					_push( *(__ebp - 0x44));
																					__ecx =  *(__ebp - 4);
																					_push( *(__ebp - 4));
																					__edx = __ebp - 0x2a8;
																					_push(__ebp - 0x2a8);
																					__eax =  *0x60b3cc; // 0x7e8c4bdb
																					__eax =  *__eax();
																					__esp = __esp + 0x1c;
																					 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000080;
																					__eflags =  *(__ebp - 0x10) & 0x00000080;
																					if(( *(__ebp - 0x10) & 0x00000080) != 0) {
																						__eflags =  *(__ebp - 0x30);
																						if( *(__ebp - 0x30) == 0) {
																							__ecx = __ebp - 0x40;
																							_push(E0040D3B0(__ebp - 0x40));
																							__edx =  *(__ebp - 4);
																							_push( *(__ebp - 4));
																							__eax =  *0x60b3d8; // 0x7e8c4bdb
																							__eax =  *__eax();
																							__esp = __esp + 8;
																						}
																					}
																					__ecx =  *((char*)(__ebp - 0x251));
																					__eflags =  *((char*)(__ebp - 0x251)) - 0x67;
																					if( *((char*)(__ebp - 0x251)) == 0x67) {
																						 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000080;
																						__eflags =  *(__ebp - 0x10) & 0x00000080;
																						if(( *(__ebp - 0x10) & 0x00000080) == 0) {
																							__ecx = __ebp - 0x40;
																							_push(E0040D3B0(__ebp - 0x40));
																							__eax =  *(__ebp - 4);
																							_push( *(__ebp - 4));
																							__ecx =  *0x60b3d4; // 0x7e8c4bdb
																							E00410200(__ecx) =  *__eax();
																							__esp = __esp + 8;
																						}
																					}
																					__edx =  *(__ebp - 4);
																					__eax =  *( *(__ebp - 4));
																					__eflags =  *( *(__ebp - 4)) - 0x2d;
																					if( *( *(__ebp - 4)) == 0x2d) {
																						 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000100;
																						 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000100;
																						__edx =  *(__ebp - 4);
																						__edx =  *(__ebp - 4) + 1;
																						__eflags = __edx;
																						 *(__ebp - 4) = __edx;
																					}
																					__eax =  *(__ebp - 4);
																					 *(__ebp - 0x24) = E0040DC40( *(__ebp - 4));
																					do {
																						L190:
																						__eflags =  *(__ebp - 0x28);
																						if( *(__ebp - 0x28) != 0) {
																							goto L216;
																						}
																						goto L191;
																					} while ( *(__ebp - 0x324) > 0x37);
																					goto L72;
																				}
																				L127:
																				__ecx =  *((char*)(__ebp - 0x251));
																				__eflags = __ecx - 0x67;
																				if(__ecx != 0x67) {
																					goto L129;
																				}
																				L128:
																				 *(__ebp - 0x30) = 1;
																				goto L131;
																			}
																			L125:
																			 *(__ebp - 0x30) = 6;
																			goto L131;
																		case 6:
																			L75:
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000810;
																			__eflags =  *(__ebp - 0x10) & 0x00000810;
																			if(( *(__ebp - 0x10) & 0x00000810) == 0) {
																				__ebp + 0x14 = E0041C290(__ebp + 0x14);
																				 *(__ebp - 0x284) = __ax;
																				__cl =  *(__ebp - 0x284);
																				 *(__ebp - 0x248) = __cl;
																				 *(__ebp - 0x24) = 1;
																			} else {
																				 *(__ebp - 0x280) = 0;
																				__edx = __ebp + 0x14;
																				__eax = E0041C2D0(__ebp + 0x14);
																				 *(__ebp - 0x258) = __ax;
																				__eax =  *(__ebp - 0x258) & 0x0000ffff;
																				__ecx = __ebp - 0x248;
																				__edx = __ebp - 0x24;
																				 *(__ebp - 0x280) = E004212A0(__ebp - 0x24, __ebp - 0x248, 0x200,  *(__ebp - 0x258) & 0x0000ffff);
																				__eflags =  *(__ebp - 0x280);
																				if( *(__ebp - 0x280) != 0) {
																					 *(__ebp - 0x28) = 1;
																				}
																			}
																			__edx = __ebp - 0x248;
																			 *(__ebp - 4) = __ebp - 0x248;
																			while(1) {
																				L190:
																				__eflags =  *(__ebp - 0x28);
																				if( *(__ebp - 0x28) != 0) {
																					goto L216;
																				}
																				goto L191;
																			}
																		case 7:
																			L144:
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000040;
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000040;
																			 *(__ebp - 8) = 0xa;
																			goto L153;
																		case 8:
																			L109:
																			__ecx = __ebp + 0x14;
																			 *(__ebp - 0x298) = E0041C290(__ebp + 0x14);
																			__eax = E00420F80();
																			__eflags = __eax;
																			if(__eax != 0) {
																				L119:
																				 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000020;
																				__eflags =  *(__ebp - 0x10) & 0x00000020;
																				if(( *(__ebp - 0x10) & 0x00000020) == 0) {
																					__edx =  *(__ebp - 0x298);
																					__eax =  *(__ebp - 0x24c);
																					 *( *(__ebp - 0x298)) =  *(__ebp - 0x24c);
																				} else {
																					__eax =  *(__ebp - 0x298);
																					 *( *(__ebp - 0x298)) =  *(__ebp - 0x24c);
																				}
																				 *(__ebp - 0x28) = 1;
																				while(1) {
																					L190:
																					__eflags =  *(__ebp - 0x28);
																					if( *(__ebp - 0x28) != 0) {
																						goto L216;
																					}
																					goto L191;
																				}
																			}
																			L110:
																			__edx = 0;
																			__eflags = 0;
																			if(0 == 0) {
																				 *(__ebp - 0x32c) = 0;
																			} else {
																				 *(__ebp - 0x32c) = 1;
																			}
																			__eax =  *(__ebp - 0x32c);
																			 *(__ebp - 0x29c) =  *(__ebp - 0x32c);
																			__eflags =  *(__ebp - 0x29c);
																			if( *(__ebp - 0x29c) == 0) {
																				_push(L"(\"\'n\' format specifier disabled\", 0)");
																				_push(0);
																				_push(0x695);
																				_push(L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c");
																				_push(2);
																				__eax = L0040E1A0();
																				__esp = __esp + 0x14;
																				__eflags = __eax - 1;
																				if(__eax == 1) {
																					asm("int3");
																				}
																			}
																			__eflags =  *(__ebp - 0x29c);
																			if( *(__ebp - 0x29c) != 0) {
																				L118:
																				while(1) {
																					L190:
																					__eflags =  *(__ebp - 0x28);
																					if( *(__ebp - 0x28) != 0) {
																						goto L216;
																					}
																					goto L191;
																				}
																			} else {
																				L117:
																				 *((intOrPtr*)(L0040EC70(__ecx))) = 0x16;
																				__eax = E00411A50(__ebx, __ecx, __edi, __esi, L"(\"\'n\' format specifier disabled\", 0)", L"_output_s_l", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c", 0x695, 0);
																				 *(__ebp - 0x2f8) = 0xffffffff;
																				__ecx = __ebp - 0x40;
																				__eax = E0040D380(__ecx);
																				__eax =  *(__ebp - 0x2f8);
																				goto L229;
																			}
																		case 9:
																			L151:
																			 *(__ebp - 8) = 8;
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000080;
																			__eflags =  *(__ebp - 0x10) & 0x00000080;
																			if(( *(__ebp - 0x10) & 0x00000080) != 0) {
																				__edx =  *(__ebp - 0x10);
																				__edx =  *(__ebp - 0x10) | 0x00000200;
																				__eflags = __edx;
																				 *(__ebp - 0x10) = __edx;
																			}
																			L153:
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00008000;
																			__eflags =  *(__ebp - 0x10) & 0x00008000;
																			if(( *(__ebp - 0x10) & 0x00008000) == 0) {
																				 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00001000;
																				__eflags =  *(__ebp - 0x10) & 0x00001000;
																				if(( *(__ebp - 0x10) & 0x00001000) == 0) {
																					 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000020;
																					__eflags =  *(__ebp - 0x10) & 0x00000020;
																					if(( *(__ebp - 0x10) & 0x00000020) == 0) {
																						 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000040;
																						__eflags =  *(__ebp - 0x10) & 0x00000040;
																						if(( *(__ebp - 0x10) & 0x00000040) == 0) {
																							__ecx = __ebp + 0x14;
																							__eax = E0041C290(__ebp + 0x14);
																							__edx = 0;
																							__eflags = 0;
																							 *(__ebp - 0x2b8) = __eax;
																							 *(__ebp - 0x2b4) = 0;
																						} else {
																							__eax = __ebp + 0x14;
																							__eax = E0041C290(__ebp + 0x14);
																							asm("cdq");
																							 *(__ebp - 0x2b8) = __eax;
																							 *(__ebp - 0x2b4) = __edx;
																						}
																					} else {
																						 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000040;
																						__eflags =  *(__ebp - 0x10) & 0x00000040;
																						if(( *(__ebp - 0x10) & 0x00000040) == 0) {
																							__ecx = __ebp + 0x14;
																							E0041C290(__ebp + 0x14) = __ax & 0x0000ffff;
																							asm("cdq");
																							 *(__ebp - 0x2b8) = __ax & 0x0000ffff;
																							 *(__ebp - 0x2b4) = __edx;
																						} else {
																							__eax = __ebp + 0x14;
																							__eax = E0041C290(__ebp + 0x14);
																							__ax = __eax;
																							asm("cdq");
																							 *(__ebp - 0x2b8) = __eax;
																							 *(__ebp - 0x2b4) = __edx;
																						}
																					}
																				} else {
																					__eax = __ebp + 0x14;
																					 *(__ebp - 0x2b8) = E0041C2B0(__ebp + 0x14);
																					 *(__ebp - 0x2b4) = __edx;
																				}
																			} else {
																				__ecx = __ebp + 0x14;
																				 *(__ebp - 0x2b8) = E0041C2B0(__ebp + 0x14);
																				 *(__ebp - 0x2b4) = __edx;
																			}
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000040;
																			__eflags =  *(__ebp - 0x10) & 0x00000040;
																			if(( *(__ebp - 0x10) & 0x00000040) == 0) {
																				goto L170;
																			}
																		case 0xa:
																			goto L0;
																		case 0xb:
																			L90:
																			__eflags =  *(__ebp - 0x30) - 0xffffffff;
																			if( *(__ebp - 0x30) != 0xffffffff) {
																				__edx =  *(__ebp - 0x30);
																				 *(__ebp - 0x328) =  *(__ebp - 0x30);
																			} else {
																				 *(__ebp - 0x328) = 0x7fffffff;
																			}
																			__eax =  *(__ebp - 0x328);
																			 *(__ebp - 0x290) =  *(__ebp - 0x328);
																			__ecx = __ebp + 0x14;
																			 *(__ebp - 4) = E0041C290(__ebp + 0x14);
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000810;
																			__eflags =  *(__ebp - 0x10) & 0x00000810;
																			if(( *(__ebp - 0x10) & 0x00000810) == 0) {
																				L101:
																				__eflags =  *(__ebp - 4);
																				if( *(__ebp - 4) == 0) {
																					__edx =  *0x60b4f0; // 0x407424
																					 *(__ebp - 4) = __edx;
																				}
																				__eax =  *(__ebp - 4);
																				 *(__ebp - 0x28c) =  *(__ebp - 4);
																				while(1) {
																					L104:
																					__ecx =  *(__ebp - 0x290);
																					 *(__ebp - 0x290) =  *(__ebp - 0x290) - 1;
																					 *(__ebp - 0x290) =  *(__ebp - 0x290) - 1;
																					__eflags = __ecx;
																					if(__ecx == 0) {
																						break;
																					}
																					L105:
																					__eax =  *(__ebp - 0x28c);
																					__ecx =  *( *(__ebp - 0x28c));
																					__eflags = __ecx;
																					if(__ecx == 0) {
																						break;
																					}
																					L106:
																					 *(__ebp - 0x28c) =  *(__ebp - 0x28c) + 1;
																					 *(__ebp - 0x28c) =  *(__ebp - 0x28c) + 1;
																				}
																				L107:
																				__eax =  *(__ebp - 0x28c);
																				__eax =  *(__ebp - 0x28c) -  *(__ebp - 4);
																				__eflags = __eax;
																				 *(__ebp - 0x24) = __eax;
																				goto L108;
																			} else {
																				L94:
																				__eflags =  *(__ebp - 4);
																				if( *(__ebp - 4) == 0) {
																					__eax =  *0x60b4f4; // 0x407414
																					 *(__ebp - 4) = __eax;
																				}
																				 *(__ebp - 0xc) = 1;
																				__ecx =  *(__ebp - 4);
																				 *(__ebp - 0x294) =  *(__ebp - 4);
																				while(1) {
																					L97:
																					__edx =  *(__ebp - 0x290);
																					 *(__ebp - 0x290) =  *(__ebp - 0x290) - 1;
																					 *(__ebp - 0x290) =  *(__ebp - 0x290) - 1;
																					__eflags =  *(__ebp - 0x290);
																					if( *(__ebp - 0x290) == 0) {
																						break;
																					}
																					L98:
																					__ecx =  *(__ebp - 0x294);
																					__edx =  *( *(__ebp - 0x294)) & 0x0000ffff;
																					__eflags =  *( *(__ebp - 0x294)) & 0x0000ffff;
																					if(( *( *(__ebp - 0x294)) & 0x0000ffff) == 0) {
																						break;
																					}
																					L99:
																					 *(__ebp - 0x294) =  *(__ebp - 0x294) + 2;
																					 *(__ebp - 0x294) =  *(__ebp - 0x294) + 2;
																				}
																				L100:
																				 *(__ebp - 0x294) =  *(__ebp - 0x294) -  *(__ebp - 4);
																				__ecx =  *(__ebp - 0x294) -  *(__ebp - 4) >> 1;
																				 *(__ebp - 0x24) = __ecx;
																				L108:
																				while(1) {
																					L190:
																					__eflags =  *(__ebp - 0x28);
																					if( *(__ebp - 0x28) != 0) {
																						goto L216;
																					}
																					goto L191;
																				}
																			}
																		case 0xc:
																			L145:
																			 *(__ebp - 8) = 0xa;
																			while(1) {
																				L153:
																				 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00008000;
																				__eflags =  *(__ebp - 0x10) & 0x00008000;
																				if(( *(__ebp - 0x10) & 0x00008000) == 0) {
																					 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00001000;
																					__eflags =  *(__ebp - 0x10) & 0x00001000;
																					if(( *(__ebp - 0x10) & 0x00001000) == 0) {
																						 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000020;
																						__eflags =  *(__ebp - 0x10) & 0x00000020;
																						if(( *(__ebp - 0x10) & 0x00000020) == 0) {
																							 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000040;
																							__eflags =  *(__ebp - 0x10) & 0x00000040;
																							if(( *(__ebp - 0x10) & 0x00000040) == 0) {
																								__ecx = __ebp + 0x14;
																								__eax = E0041C290(__ebp + 0x14);
																								__edx = 0;
																								__eflags = 0;
																								 *(__ebp - 0x2b8) = __eax;
																								 *(__ebp - 0x2b4) = 0;
																							} else {
																								__eax = __ebp + 0x14;
																								__eax = E0041C290(__ebp + 0x14);
																								asm("cdq");
																								 *(__ebp - 0x2b8) = __eax;
																								 *(__ebp - 0x2b4) = __edx;
																							}
																						} else {
																							 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000040;
																							__eflags =  *(__ebp - 0x10) & 0x00000040;
																							if(( *(__ebp - 0x10) & 0x00000040) == 0) {
																								__ecx = __ebp + 0x14;
																								E0041C290(__ebp + 0x14) = __ax & 0x0000ffff;
																								asm("cdq");
																								 *(__ebp - 0x2b8) = __ax & 0x0000ffff;
																								 *(__ebp - 0x2b4) = __edx;
																							} else {
																								__eax = __ebp + 0x14;
																								__eax = E0041C290(__ebp + 0x14);
																								__ax = __eax;
																								asm("cdq");
																								 *(__ebp - 0x2b8) = __eax;
																								 *(__ebp - 0x2b4) = __edx;
																							}
																						}
																					} else {
																						__eax = __ebp + 0x14;
																						 *(__ebp - 0x2b8) = E0041C2B0(__ebp + 0x14);
																						 *(__ebp - 0x2b4) = __edx;
																					}
																				} else {
																					__ecx = __ebp + 0x14;
																					 *(__ebp - 0x2b8) = E0041C2B0(__ebp + 0x14);
																					 *(__ebp - 0x2b4) = __edx;
																				}
																				 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000040;
																				__eflags =  *(__ebp - 0x10) & 0x00000040;
																				if(( *(__ebp - 0x10) & 0x00000040) == 0) {
																					goto L170;
																				}
																				goto L166;
																			}
																		case 0xd:
																			L147:
																			 *(__ebp - 0x260) = 0x27;
																			L148:
																			 *(__ebp - 8) = 0x10;
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000080;
																			__eflags =  *(__ebp - 0x10) & 0x00000080;
																			if(( *(__ebp - 0x10) & 0x00000080) != 0) {
																				 *(__ebp - 0x14) = 0x30;
																				 *(__ebp - 0x260) =  *(__ebp - 0x260) + 0x51;
																				__eflags =  *(__ebp - 0x260) + 0x51;
																				 *((char*)(__ebp - 0x13)) = __al;
																				 *(__ebp - 0x1c) = 2;
																			}
																			while(1) {
																				L153:
																				 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00008000;
																				__eflags =  *(__ebp - 0x10) & 0x00008000;
																				if(( *(__ebp - 0x10) & 0x00008000) == 0) {
																					 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00001000;
																					__eflags =  *(__ebp - 0x10) & 0x00001000;
																					if(( *(__ebp - 0x10) & 0x00001000) == 0) {
																						 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000020;
																						__eflags =  *(__ebp - 0x10) & 0x00000020;
																						if(( *(__ebp - 0x10) & 0x00000020) == 0) {
																							 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000040;
																							__eflags =  *(__ebp - 0x10) & 0x00000040;
																							if(( *(__ebp - 0x10) & 0x00000040) == 0) {
																								__ecx = __ebp + 0x14;
																								__eax = E0041C290(__ebp + 0x14);
																								__edx = 0;
																								__eflags = 0;
																								 *(__ebp - 0x2b8) = __eax;
																								 *(__ebp - 0x2b4) = 0;
																							} else {
																								__eax = __ebp + 0x14;
																								__eax = E0041C290(__ebp + 0x14);
																								asm("cdq");
																								 *(__ebp - 0x2b8) = __eax;
																								 *(__ebp - 0x2b4) = __edx;
																							}
																						} else {
																							 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000040;
																							__eflags =  *(__ebp - 0x10) & 0x00000040;
																							if(( *(__ebp - 0x10) & 0x00000040) == 0) {
																								__ecx = __ebp + 0x14;
																								E0041C290(__ebp + 0x14) = __ax & 0x0000ffff;
																								asm("cdq");
																								 *(__ebp - 0x2b8) = __ax & 0x0000ffff;
																								 *(__ebp - 0x2b4) = __edx;
																							} else {
																								__eax = __ebp + 0x14;
																								__eax = E0041C290(__ebp + 0x14);
																								__ax = __eax;
																								asm("cdq");
																								 *(__ebp - 0x2b8) = __eax;
																								 *(__ebp - 0x2b4) = __edx;
																							}
																						}
																					} else {
																						__eax = __ebp + 0x14;
																						 *(__ebp - 0x2b8) = E0041C2B0(__ebp + 0x14);
																						 *(__ebp - 0x2b4) = __edx;
																					}
																				} else {
																					__ecx = __ebp + 0x14;
																					 *(__ebp - 0x2b8) = E0041C2B0(__ebp + 0x14);
																					 *(__ebp - 0x2b4) = __edx;
																				}
																				 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000040;
																				__eflags =  *(__ebp - 0x10) & 0x00000040;
																				if(( *(__ebp - 0x10) & 0x00000040) == 0) {
																					goto L170;
																				}
																				goto L166;
																			}
																		case 0xe:
																			while(1) {
																				L190:
																				__eflags =  *(__ebp - 0x28);
																				if( *(__ebp - 0x28) != 0) {
																					goto L216;
																				}
																				goto L191;
																			}
																	}
																case 8:
																	L30:
																	 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000002;
																	 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000002;
																	goto L33;
																case 9:
																	L31:
																	 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000080;
																	 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000080;
																	goto L33;
																case 0xa:
																	L29:
																	__ecx =  *(__ebp - 0x10);
																	__ecx =  *(__ebp - 0x10) | 0x00000001;
																	 *(__ebp - 0x10) = __ecx;
																	goto L33;
																case 0xb:
																	L28:
																	 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000004;
																	 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000004;
																	goto L33;
																case 0xc:
																	L32:
																	__ecx =  *(__ebp - 0x10);
																	__ecx =  *(__ebp - 0x10) | 0x00000008;
																	__eflags = __ecx;
																	 *(__ebp - 0x10) = __ecx;
																	goto L33;
																case 0xd:
																	L33:
																	goto L218;
															}
														} else {
															if(0 == 0) {
																 *(_t557 - 0x314) = 0;
															} else {
																 *(_t557 - 0x314) = 1;
															}
															_t543 =  *(_t557 - 0x314);
															 *(_t557 - 0x278) =  *(_t557 - 0x314);
															if( *(_t557 - 0x278) == 0) {
																_push(L"(\"Incorrect format specifier\", 0)");
																_push(0);
																_push(0x460);
																_push(L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c");
																_push(2);
																_t526 = L0040E1A0();
																_t559 = _t559 + 0x14;
																if(_t526 == 1) {
																	asm("int3");
																}
															}
															L14:
															if( *(_t557 - 0x278) != 0) {
																goto L16;
															} else {
																 *((intOrPtr*)(L0040EC70(_t543))) = 0x16;
																E00411A50(_t528, _t543, _t555, _t556, L"(\"Incorrect format specifier\", 0)", L"_output_s_l", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c", 0x460, 0);
																 *(_t557 - 0x2f0) = 0xffffffff;
																E0040D380(_t557 - 0x40);
																_t499 =  *(_t557 - 0x2f0);
																L229:
																return E00416CA0(_t499, _t528,  *(_t557 - 0x48) ^ _t557, _t547, _t555, _t556);
															}
														}
													}
													L219:
													__eflags =  *(_t557 - 0x25c);
													if( *(_t557 - 0x25c) == 0) {
														L222:
														 *(_t557 - 0x334) = 1;
														L223:
														_t530 =  *(_t557 - 0x334);
														 *(_t557 - 0x2e0) =  *(_t557 - 0x334);
														__eflags =  *(_t557 - 0x2e0);
														if( *(_t557 - 0x2e0) == 0) {
															_push(L"((state == ST_NORMAL) || (state == ST_TYPE))");
															_push(0);
															_push(0x8f5);
															_push(L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c");
															_push(2);
															_t504 = L0040E1A0();
															_t559 = _t559 + 0x14;
															__eflags = _t504 - 1;
															if(_t504 == 1) {
																asm("int3");
															}
														}
														__eflags =  *(_t557 - 0x2e0);
														if( *(_t557 - 0x2e0) != 0) {
															 *(_t557 - 0x300) =  *(_t557 - 0x24c);
															E0040D380(_t557 - 0x40);
															_t499 =  *(_t557 - 0x300);
														} else {
															 *((intOrPtr*)(L0040EC70(_t530))) = 0x16;
															E00411A50(_t528, _t530, _t555, _t556, L"((state == ST_NORMAL) || (state == ST_TYPE))", L"_output_s_l", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c", 0x8f5, 0);
															 *(_t557 - 0x2fc) = 0xffffffff;
															E0040D380(_t557 - 0x40);
															_t499 =  *(_t557 - 0x2fc);
														}
														goto L229;
													}
													L220:
													__eflags =  *(_t557 - 0x25c) - 7;
													if( *(_t557 - 0x25c) == 7) {
														goto L222;
													}
													L221:
													 *(_t557 - 0x334) = 0;
													goto L223;
												}
											}
											L187:
											__eflags =  *(__ebp - 0x24);
											if( *(__ebp - 0x24) == 0) {
												L189:
												 *(__ebp - 4) =  *(__ebp - 4) - 1;
												 *(__ebp - 4) =  *(__ebp - 4) - 1;
												__eax =  *(__ebp - 4);
												 *( *(__ebp - 4)) = 0x30;
												__ecx =  *(__ebp - 0x24);
												__ecx =  *(__ebp - 0x24) + 1;
												__eflags = __ecx;
												 *(__ebp - 0x24) = __ecx;
												goto L190;
											}
											L188:
											__eax =  *(__ebp - 4);
											__ecx =  *( *(__ebp - 4));
											__eflags = __ecx - 0x30;
											if(__ecx == 0x30) {
												goto L190;
											}
											goto L189;
										}
										L183:
										__eax =  *(__ebp - 8);
										asm("cdq");
										__ecx =  *(__ebp - 0x2bc);
										__edx =  *(__ebp - 0x2c0);
										__eax = E0041CE40( *(__ebp - 0x2c0),  *(__ebp - 0x2bc),  *(__ebp - 8),  *(__ebp - 0x2c0));
										 *(__ebp - 0x2ac) = __eax;
										__eax =  *(__ebp - 8);
										asm("cdq");
										__eax =  *(__ebp - 0x2bc);
										__ecx =  *(__ebp - 0x2c0);
										 *(__ebp - 0x2c0) = E0041CDD0( *(__ebp - 0x2c0),  *(__ebp - 0x2bc),  *(__ebp - 8), __edx);
										 *(__ebp - 0x2bc) = __edx;
										__eflags =  *(__ebp - 0x2ac) - 0x39;
										if( *(__ebp - 0x2ac) > 0x39) {
											__edx =  *(__ebp - 0x2ac);
											__edx =  *(__ebp - 0x2ac) +  *(__ebp - 0x260);
											__eflags = __edx;
											 *(__ebp - 0x2ac) = __edx;
										}
										__eax =  *(__ebp - 4);
										__cl =  *(__ebp - 0x2ac);
										 *( *(__ebp - 4)) = __cl;
										 *(__ebp - 4) =  *(__ebp - 4) - 1;
										 *(__ebp - 4) =  *(__ebp - 4) - 1;
										L181:
										__ecx =  *(__ebp - 0x30);
										 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
										 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
										__eflags =  *(__ebp - 0x30);
										if( *(__ebp - 0x30) > 0) {
											goto L183;
										}
										goto L182;
									}
								}
								L168:
								__eflags =  *(__ebp - 0x2b8);
								if( *(__ebp - 0x2b8) >= 0) {
									goto L170;
								}
								goto L169;
								L170:
								__ecx =  *(__ebp - 0x2b8);
								 *(__ebp - 0x2c0) =  *(__ebp - 0x2b8);
								__edx =  *(__ebp - 0x2b4);
								 *(__ebp - 0x2bc) =  *(__ebp - 0x2b4);
								goto L171;
							}
						}
					}
				}
			}

0x00422014
0x00422014
0x00422014
0x00422014
0x00422014
0x00422014
0x00422014
0x0042201b
0x0042201b
0x0042201b
0x00422031
0x00422031
0x00422031
0x0042203b
0x0042203b
0x00422041
0x00422043
0x0042204d
0x0042204d
0x00422050
0x00422053
0x00422053
0x0042207a
0x0042207a
0x0042207d
0x0042207d
0x00422082
0x004220a4
0x004220a4
0x004220aa
0x004220cc
0x004220cc
0x004220cf
0x00422116
0x00422116
0x00422119
0x00422136
0x0042213a
0x00422142
0x00422142
0x00422144
0x0042214a
0x0042211b
0x0042211b
0x0042211f
0x00422127
0x00422128
0x0042212e
0x0042212e
0x004220d1
0x004220d4
0x004220d4
0x004220d7
0x004220f5
0x00422101
0x00422104
0x00422105
0x0042210b
0x004220d9
0x004220d9
0x004220dd
0x004220e5
0x004220e6
0x004220e7
0x004220ed
0x004220ed
0x00422111
0x004220ac
0x004220ac
0x004220b8
0x004220be
0x004220be
0x00422084
0x00422084
0x00422090
0x00422096
0x00422096
0x00422153
0x00422153
0x00422156
0x00000000
0x00000000
0x00422158
0x00422158
0x0042215f
0x00000000
0x00000000
0x00422161
0x00422161
0x0042216c
0x00422172
0x00422174
0x0042217a
0x0042217d
0x0042217f
0x00422185
0x0042218e
0x00422193
0x004221b0
0x004221b3
0x004221b3
0x004221b8
0x004221bd
0x004221bd
0x004221c3
0x004221c5
0x004221cb
0x004221d1
0x004221d1
0x004221da
0x004221da
0x004221c3
0x004221e0
0x004221e4
0x004221f2
0x004221f5
0x004221f8
0x004221ff
0x00422201
0x00422201
0x004221e6
0x004221e6
0x004221e6
0x0042220e
0x0042220e
0x00422214
0x00422216
0x00422216
0x0042221d
0x00422220
0x00422223
0x00422223
0x00422223
0x00422229
0x0042222c
0x0042222f
0x00422231
0x00000000
0x00000000
0x00422233
0x00422239
0x00422239
0x0042223f
0x004222bc
0x004222bf
0x004222c2
0x004222c5
0x004222c8
0x004222cb
0x004222d1
0x004222d1
0x004222d7
0x00422302
0x00422302
0x00422302
0x00422306
0x00000000
0x00000000
0x0042230c
0x0042230f
0x0042230f
0x00422312
0x00422317
0x00422317
0x0042231c
0x0042232e
0x0042232e
0x00422331
0x00422343
0x00422343
0x00422346
0x00422348
0x0042234c
0x0042234c
0x00422333
0x00422333
0x00422337
0x00422337
0x0042231e
0x0042231e
0x00422322
0x00422322
0x0042231c
0x00422356
0x00422359
0x0042235c
0x00422365
0x00422365
0x00422368
0x0042236a
0x00422371
0x00422375
0x0042237e
0x00422383
0x00422386
0x0042238d
0x00422391
0x00422395
0x004223a1
0x004223a4
0x004223a4
0x004223a7
0x004223ac
0x004223ac
0x004223af
0x004223b1
0x004223b8
0x004223bc
0x004223c5
0x004223ca
0x004223af
0x004223cd
0x004223d1
0x004224a5
0x004224a5
0x004224ac
0x004224b0
0x004224b4
0x004224b8
0x00000000
0x004223d7
0x004223d7
0x004223d7
0x004223db
0x00000000
0x00000000
0x004223e1
0x004223e1
0x004223eb
0x004223ee
0x004223f4
0x004223f7
0x004223fd
0x004223fd
0x004223fd
0x00422409
0x0042240c
0x00422412
0x00422414
0x00000000
0x00000000
0x0042241a
0x0042241a
0x00422423
0x0042242a
0x00422434
0x0042243b
0x0042244a
0x00422456
0x00422459
0x0042245f
0x00422466
0x00422471
0x00422471
0x00000000
0x00422471
0x00422468
0x00422468
0x0042246f
0x0042247d
0x0042247d
0x00422484
0x00422488
0x00422496
0x00000000
0x0042249b
0x00000000
0x0042246f
0x004224a3
0x004224c0
0x004224c0
0x004224c7
0x004224cc
0x004224cc
0x004224cf
0x004224d1
0x004224d8
0x004224dc
0x004224e5
0x004224ea
0x004224cf
0x004224c7
0x004224ed
0x004224ed
0x004224f1
0x004224f9
0x00422501
0x00422501
0x00422508
0x00422508
0x004215df
0x004215e5
0x004215f2
0x004215f7
0x00000000
0x0042160a
0x00421614
0x0042163b
0x00421622
0x00421633
0x00421633
0x00421614
0x00421645
0x0042164b
0x00421657
0x0042165a
0x00421668
0x0042166b
0x00421678
0x0042171d
0x00421723
0x00421729
0x00421730
0x00000000
0x00000000
0x00421736
0x0042173c
0x00000000
0x00421743
0x00421743
0x0042175b
0x00421760
0x00421763
0x00421765
0x0042181f
0x00421832
0x00421837
0x00000000
0x0042176b
0x0042177e
0x00421783
0x00421789
0x0042178b
0x00421794
0x00421794
0x00421797
0x004217a3
0x004217a7
0x004217ad
0x004217af
0x004217b4
0x004217b6
0x004217bb
0x004217c0
0x004217c2
0x004217c7
0x004217ca
0x004217cd
0x004217cf
0x004217cf
0x004217cd
0x004217d0
0x004217d0
0x004217d7
0x00000000
0x004217d9
0x004217de
0x004217fa
0x00421802
0x0042180f
0x00421814
0x00000000
0x00421814
0x004217d7
0x00000000
0x0042183f
0x0042183f
0x00421846
0x00421849
0x0042184c
0x0042184f
0x00421852
0x00421855
0x00421858
0x0042185f
0x00421866
0x00000000
0x00000000
0x00421872
0x00421872
0x00421879
0x00421885
0x00421888
0x0042188e
0x00421895
0x00000000
0x00000000
0x00421897
0x00421897
0x0042189d
0x0042189d
0x004218a4
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004218e7
0x004218e7
0x004218ee
0x004218f1
0x0042191b
0x0042191e
0x0042191e
0x00421921
0x00421928
0x00421928
0x0042192c
0x004218f3
0x004218f3
0x004218ff
0x00421902
0x00421906
0x00421908
0x0042190b
0x0042190b
0x0042190e
0x00421914
0x00421916
0x00421916
0x00421919
0x00000000
0x00000000
0x00421934
0x00421934
0x00000000
0x00000000
0x00421940
0x00421940
0x00421947
0x0042194a
0x0042196a
0x0042196d
0x0042196d
0x00421977
0x00421977
0x0042197b
0x0042194c
0x0042194c
0x00421958
0x0042195b
0x0042195f
0x00421961
0x00421961
0x00421968
0x00000000
0x00000000
0x00421983
0x00421983
0x0042198a
0x00421996
0x00421999
0x0042199f
0x004219a6
0x00421ab9
0x00000000
0x00421ab9
0x004219ac
0x004219ac
0x004219b2
0x004219b2
0x004219b9
0x00000000
0x004219ef
0x004219ef
0x004219f2
0x004219f5
0x004219f8
0x00421a20
0x00421a20
0x00421a23
0x00421a26
0x00421a29
0x00421a4e
0x00421a4e
0x00421a51
0x00421a54
0x00421a57
0x00421a90
0x00421aa1
0x00000000
0x00421aa1
0x00421a59
0x00421a59
0x00421a5c
0x00421a5f
0x00421a62
0x00000000
0x00000000
0x00421a64
0x00421a64
0x00421a67
0x00421a6a
0x00421a6d
0x00000000
0x00000000
0x00421a6f
0x00421a6f
0x00421a72
0x00421a75
0x00421a78
0x00000000
0x00000000
0x00421a7a
0x00421a7a
0x00421a7d
0x00421a80
0x00421a83
0x00000000
0x00000000
0x00421a85
0x00421a85
0x00421a88
0x00421a8b
0x00421a8e
0x00421a92
0x00000000
0x00421a92
0x00000000
0x00421a8e
0x00421a2b
0x00421a2b
0x00421a2e
0x00421a32
0x00421a35
0x00000000
0x00421a37
0x00421a3a
0x00421a3d
0x00421a40
0x00421a43
0x00421a49
0x00000000
0x00421a49
0x00421a35
0x004219fa
0x004219fa
0x004219fd
0x00421a01
0x00421a04
0x00000000
0x00421a06
0x00421a09
0x00421a0c
0x00421a0f
0x00421a12
0x00421a18
0x00000000
0x00421a18
0x00000000
0x00421aa3
0x00421aa6
0x00421aa9
0x00000000
0x00000000
0x004219c0
0x004219c0
0x004219c3
0x004219c6
0x004219c9
0x004219e1
0x004219e4
0x004219e4
0x004219e7
0x004219cb
0x004219ce
0x004219d1
0x004219d7
0x004219dc
0x004219dc
0x00000000
0x00000000
0x00421aae
0x00421aae
0x00421ab1
0x00421ab1
0x00421ab6
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00421abe
0x00421abe
0x00421ac5
0x00421ad1
0x00421ad4
0x00421ada
0x00421ae1
0x00422302
0x00422302
0x00422302
0x00422306
0x00000000
0x00000000
0x00000000
0x00422306
0x00422302
0x00421ae7
0x00421aed
0x00421aed
0x00421af4
0x00000000
0x00421e4e
0x00421e4e
0x00421e55
0x00421e5c
0x00421e5c
0x00421e5f
0x00000000
0x00000000
0x00421afb
0x00421afe
0x00421afe
0x00421b04
0x00421b06
0x00421b09
0x00421b09
0x00421b0e
0x00421b0e
0x00000000
0x00000000
0x00421c3b
0x00421c3e
0x00421c3e
0x00421c43
0x00421c45
0x00421c48
0x00421c48
0x00421c4e
0x00421c4e
0x00000000
0x00000000
0x0042201b
0x0042201b
0x00000000
0x00000000
0x00421ba5
0x00421ba5
0x00421bb1
0x00421bb7
0x00421bbe
0x00421bcc
0x00421bcc
0x00421bd2
0x00421bd5
0x00421be1
0x00421c36
0x00000000
0x00421c36
0x00421bc0
0x00421bc0
0x00421bc6
0x00421bca
0x00421be6
0x00421be9
0x00421be9
0x00421bef
0x00421c17
0x00421c1e
0x00421c24
0x00421c27
0x00421c2a
0x00421c30
0x00421c33
0x00421bf1
0x00421bf1
0x00421bf7
0x00421bfa
0x00421bfd
0x00421c03
0x00421c06
0x00421c09
0x00421c0b
0x00421c0e
0x00421c0e
0x00000000
0x00421bef
0x00000000
0x00000000
0x00421e65
0x00421e68
0x00421e6b
0x00421e6e
0x00421e74
0x00421e77
0x00421e7e
0x00421e82
0x00421e8d
0x00421e8d
0x00421e91
0x00421ea8
0x00421ea8
0x00421eaf
0x00421eb1
0x00421eb1
0x00421eb8
0x00421eb8
0x00421ebf
0x00421ed0
0x00421edf
0x00421ee2
0x00421ee6
0x00421efc
0x00421ee8
0x00421ee8
0x00421eeb
0x00421ef1
0x00421ef7
0x00421ef7
0x00421ee6
0x00421f06
0x00421f09
0x00421f0c
0x00421f0f
0x00421f12
0x00421f15
0x00421f1b
0x00421f21
0x00421f29
0x00421f2a
0x00421f2d
0x00421f2e
0x00421f31
0x00421f32
0x00421f39
0x00421f3a
0x00421f3d
0x00421f3e
0x00421f41
0x00421f42
0x00421f48
0x00421f49
0x00421f57
0x00421f59
0x00421f5f
0x00421f5f
0x00421f65
0x00421f67
0x00421f6b
0x00421f6d
0x00421f75
0x00421f76
0x00421f79
0x00421f7a
0x00421f88
0x00421f8a
0x00421f8a
0x00421f6b
0x00421f8d
0x00421f94
0x00421f97
0x00421f9c
0x00421f9c
0x00421fa2
0x00421fa4
0x00421fac
0x00421fad
0x00421fb0
0x00421fb1
0x00421fc0
0x00421fc2
0x00421fc2
0x00421fa2
0x00421fc5
0x00421fc8
0x00421fcb
0x00421fce
0x00421fd3
0x00421fd9
0x00421fdc
0x00421fdf
0x00421fdf
0x00421fe2
0x00421fe2
0x00421fe5
0x00421ff1
0x00422302
0x00422302
0x00422302
0x00422306
0x00000000
0x00000000
0x00000000
0x00422306
0x00000000
0x00422302
0x00421e93
0x00421e93
0x00421e9a
0x00421e9d
0x00000000
0x00000000
0x00421e9f
0x00421e9f
0x00000000
0x00421e9f
0x00421e84
0x00421e84
0x00000000
0x00000000
0x00421b11
0x00421b14
0x00421b14
0x00421b1a
0x00421b75
0x00421b7d
0x00421b84
0x00421b8a
0x00421b90
0x00421b1c
0x00421b1c
0x00421b26
0x00421b2a
0x00421b32
0x00421b39
0x00421b46
0x00421b4d
0x00421b59
0x00421b5f
0x00421b66
0x00421b68
0x00421b68
0x00421b6f
0x00421b97
0x00421b9d
0x00422302
0x00422302
0x00422302
0x00422306
0x00000000
0x00000000
0x00000000
0x00422306
0x00000000
0x00421ff9
0x00421ffc
0x00421fff
0x00422002
0x00000000
0x00000000
0x00421d57
0x00421d57
0x00421d63
0x00421d69
0x00421d6e
0x00421d70
0x00421e1a
0x00421e1d
0x00421e1d
0x00421e20
0x00421e34
0x00421e3a
0x00421e40
0x00421e22
0x00421e22
0x00421e2f
0x00421e2f
0x00421e42
0x00422302
0x00422302
0x00422302
0x00422306
0x00000000
0x00000000
0x00000000
0x00422306
0x00422302
0x00421d76
0x00421d76
0x00421d76
0x00421d78
0x00421d86
0x00421d7a
0x00421d7a
0x00421d7a
0x00421d90
0x00421d96
0x00421d9c
0x00421da3
0x00421da5
0x00421daa
0x00421dac
0x00421db1
0x00421db6
0x00421db8
0x00421dbd
0x00421dc0
0x00421dc3
0x00421dc5
0x00421dc5
0x00421dc3
0x00421dc6
0x00421dcd
0x00421e15
0x00422302
0x00422302
0x00422302
0x00422306
0x00000000
0x00000000
0x00000000
0x00422306
0x00421dcf
0x00421dcf
0x00421dd4
0x00421df0
0x00421df8
0x00421e02
0x00421e05
0x00421e0a
0x00000000
0x00421e0a
0x00000000
0x0042205c
0x0042205c
0x00422066
0x00422066
0x0042206c
0x0042206e
0x00422071
0x00422071
0x00422077
0x00422077
0x0042207a
0x0042207d
0x0042207d
0x00422082
0x004220a4
0x004220a4
0x004220aa
0x004220cc
0x004220cc
0x004220cf
0x00422116
0x00422116
0x00422119
0x00422136
0x0042213a
0x00422142
0x00422142
0x00422144
0x0042214a
0x0042211b
0x0042211b
0x0042211f
0x00422127
0x00422128
0x0042212e
0x0042212e
0x004220d1
0x004220d4
0x004220d4
0x004220d7
0x004220f5
0x00422101
0x00422104
0x00422105
0x0042210b
0x004220d9
0x004220d9
0x004220dd
0x004220e5
0x004220e6
0x004220e7
0x004220ed
0x004220ed
0x00422111
0x004220ac
0x004220ac
0x004220b8
0x004220be
0x004220be
0x00422084
0x00422084
0x00422090
0x00422096
0x00422096
0x00422153
0x00422153
0x00422156
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00421c51
0x00421c51
0x00421c55
0x00421c63
0x00421c66
0x00421c57
0x00421c57
0x00421c57
0x00421c6c
0x00421c72
0x00421c78
0x00421c84
0x00421c8a
0x00421c8a
0x00421c90
0x00421cf7
0x00421cf7
0x00421cfb
0x00421cfd
0x00421d03
0x00421d03
0x00421d06
0x00421d09
0x00421d0f
0x00421d0f
0x00421d0f
0x00421d1b
0x00421d1e
0x00421d24
0x00421d26
0x00000000
0x00000000
0x00421d28
0x00421d28
0x00421d2e
0x00421d31
0x00421d33
0x00000000
0x00000000
0x00421d35
0x00421d3b
0x00421d3e
0x00421d3e
0x00421d46
0x00421d46
0x00421d4c
0x00421d4c
0x00421d4f
0x00000000
0x00421c92
0x00421c92
0x00421c92
0x00421c96
0x00421c98
0x00421c9d
0x00421c9d
0x00421ca0
0x00421ca7
0x00421caa
0x00421cb0
0x00421cb0
0x00421cb0
0x00421cbc
0x00421cbf
0x00421cc5
0x00421cc7
0x00000000
0x00000000
0x00421cc9
0x00421cc9
0x00421ccf
0x00421cd2
0x00421cd4
0x00000000
0x00000000
0x00421cd6
0x00421cdc
0x00421cdf
0x00421cdf
0x00421ce7
0x00421ced
0x00421cf0
0x00421cf2
0x00421d52
0x00422302
0x00422302
0x00422302
0x00422306
0x00000000
0x00000000
0x00000000
0x00422306
0x00422302
0x00000000
0x0042200b
0x0042200b
0x0042207a
0x0042207a
0x0042207d
0x0042207d
0x00422082
0x004220a4
0x004220a4
0x004220aa
0x004220cc
0x004220cc
0x004220cf
0x00422116
0x00422116
0x00422119
0x00422136
0x0042213a
0x00422142
0x00422142
0x00422144
0x0042214a
0x0042211b
0x0042211b
0x0042211f
0x00422127
0x00422128
0x0042212e
0x0042212e
0x004220d1
0x004220d4
0x004220d4
0x004220d7
0x004220f5
0x00422101
0x00422104
0x00422105
0x0042210b
0x004220d9
0x004220d9
0x004220dd
0x004220e5
0x004220e6
0x004220e7
0x004220ed
0x004220ed
0x00422111
0x004220ac
0x004220ac
0x004220b8
0x004220be
0x004220be
0x00422084
0x00422084
0x00422090
0x00422096
0x00422096
0x00422153
0x00422153
0x00422156
0x00000000
0x00000000
0x00000000
0x00422156
0x00000000
0x00422027
0x00422027
0x00422031
0x00422031
0x0042203b
0x0042203b
0x00422041
0x00422043
0x0042204d
0x0042204d
0x00422050
0x00422053
0x00422053
0x0042207a
0x0042207a
0x0042207d
0x0042207d
0x00422082
0x004220a4
0x004220a4
0x004220aa
0x004220cc
0x004220cc
0x004220cf
0x00422116
0x00422116
0x00422119
0x00422136
0x0042213a
0x00422142
0x00422142
0x00422144
0x0042214a
0x0042211b
0x0042211b
0x0042211f
0x00422127
0x00422128
0x0042212e
0x0042212e
0x004220d1
0x004220d4
0x004220d4
0x004220d7
0x004220f5
0x00422101
0x00422104
0x00422105
0x0042210b
0x004220d9
0x004220d9
0x004220dd
0x004220e5
0x004220e6
0x004220e7
0x004220ed
0x004220ed
0x00422111
0x004220ac
0x004220ac
0x004220b8
0x004220be
0x004220be
0x00422084
0x00422084
0x00422090
0x00422096
0x00422096
0x00422153
0x00422153
0x00422156
0x00000000
0x00000000
0x00000000
0x00422156
0x00000000
0x00422302
0x00422302
0x00422302
0x00422306
0x00000000
0x00000000
0x00000000
0x00422306
0x00000000
0x00000000
0x004218c1
0x004218c4
0x004218c7
0x00000000
0x00000000
0x004218cc
0x004218cf
0x004218d4
0x00000000
0x00000000
0x004218b6
0x004218b6
0x004218b9
0x004218bc
0x00000000
0x00000000
0x004218ab
0x004218ae
0x004218b1
0x00000000
0x00000000
0x004218d9
0x004218d9
0x004218dc
0x004218dc
0x004218df
0x00000000
0x00000000
0x004218e2
0x00000000
0x00000000
0x0042167e
0x00421680
0x0042168e
0x00421682
0x00421682
0x00421682
0x00421698
0x0042169e
0x004216ab
0x004216ad
0x004216b2
0x004216b4
0x004216b9
0x004216be
0x004216c0
0x004216c5
0x004216cb
0x004216cd
0x004216cd
0x004216cb
0x004216ce
0x004216d5
0x00000000
0x004216d7
0x004216dc
0x004216f8
0x00421700
0x0042170d
0x00421712
0x004225d1
0x004225de
0x004225de
0x004216d5
0x00421678
0x0042250d
0x0042250d
0x00422514
0x0042252b
0x0042252b
0x00422535
0x00422535
0x0042253b
0x00422541
0x00422548
0x0042254a
0x0042254f
0x00422551
0x00422556
0x0042255b
0x0042255d
0x00422562
0x00422565
0x00422568
0x0042256a
0x0042256a
0x00422568
0x0042256b
0x00422572
0x004225bd
0x004225c6
0x004225cb
0x00422574
0x00422579
0x00422595
0x0042259d
0x004225aa
0x004225af
0x004225af
0x00000000
0x00422572
0x00422516
0x00422516
0x0042251d
0x00000000
0x00000000
0x0042251f
0x0042251f
0x00000000
0x0042251f
0x00422302
0x004222d9
0x004222d9
0x004222dd
0x004222ea
0x004222ed
0x004222f0
0x004222f3
0x004222f6
0x004222f9
0x004222fc
0x004222fc
0x004222ff
0x00000000
0x004222ff
0x004222df
0x004222df
0x004222e2
0x004222e5
0x004222e8
0x00000000
0x00000000
0x00000000
0x004222e8
0x00422241
0x00422241
0x00422244
0x00422247
0x0042224e
0x00422255
0x0042225d
0x00422263
0x00422266
0x00422269
0x00422270
0x0042227c
0x00422282
0x00422288
0x0042228f
0x00422291
0x00422297
0x00422297
0x0042229d
0x0042229d
0x004222a3
0x004222a6
0x004222ac
0x004222b1
0x004222b4
0x00422223
0x00422223
0x00422229
0x0042222c
0x0042222f
0x00422231
0x00000000
0x00000000
0x00000000
0x00422231
0x00422223
0x00422163
0x00422163
0x0042216a
0x00000000
0x00000000
0x00000000
0x00422198
0x00422198
0x0042219e
0x004221a4
0x004221aa
0x00000000
0x004221aa
0x0042207a
0x00422031
0x0042201b

APIs

_get_int64_arg.LIBCMTD ref: 00422088
__aullrem.LIBCMT ref: 00422255
__aulldiv.LIBCMT ref: 00422277

Strings

9, xrefs: 00422288
0, xrefs: 00422043

Memory Dump Source

Source File: 00000000.00000002.254379313.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.254298173.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.254460883.0000000000427000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255654257.000000000060A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255687103.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255765961.0000000000635000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_mzQcZawXvh.jbxd

Similarity

API ID: __aulldiv__aullrem_get_int64_arg
String ID: 0$9
API String ID: 3120068967-1975997740
Opcode ID: e9df7b2af13697c2032f7639700437f916cfe39d688a2a21f1aaa362067f392f
Instruction ID: cfbd0fd6fc58c188fc7cebbfc3ed5d0df2ef5efbec001edffb74f6817c75a935
Opcode Fuzzy Hash: e9df7b2af13697c2032f7639700437f916cfe39d688a2a21f1aaa362067f392f
Instruction Fuzzy Hash: 6B4104B1E05229EFDB24CF88DD89BAEBBB5BB44300F5081DAD408A7240C7795E81CF55

Uniqueness

Uniqueness Score: -1.00%

Function 004238C9 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 105
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E004238C9(intOrPtr __ebx, intOrPtr __edi, intOrPtr __esi) {
				signed int _t483;
				void* _t488;
				signed int _t490;
				void* _t498;
				intOrPtr _t501;
				signed int _t519;
				intOrPtr _t523;
				intOrPtr _t524;
				signed int _t525;
				void* _t527;

				L0:
				while(1) {
					L0:
					_t524 = __esi;
					_t523 = __edi;
					_t501 = __ebx;
					 *((intOrPtr*)(_t525 - 0x460)) = 0x27;
					while(1) {
						L145:
						 *(__ebp - 8) = 0x10;
						 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000080;
						__eflags =  *(__ebp - 0x10) & 0x00000080;
						if(( *(__ebp - 0x10) & 0x00000080) != 0) {
							__edx = 0x30;
							 *(__ebp - 0x14) = __dx;
							 *(__ebp - 0x460) =  *(__ebp - 0x460) + 0x51;
							__eflags =  *(__ebp - 0x460) + 0x51;
							 *(__ebp - 0x12) = __ax;
							 *(__ebp - 0x1c) = 2;
						}
						while(1) {
							L150:
							 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00008000;
							__eflags =  *(__ebp - 0x10) & 0x00008000;
							if(( *(__ebp - 0x10) & 0x00008000) == 0) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00001000;
								__eflags =  *(__ebp - 0x10) & 0x00001000;
								if(( *(__ebp - 0x10) & 0x00001000) == 0) {
									 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000020;
									__eflags =  *(__ebp - 0x10) & 0x00000020;
									if(( *(__ebp - 0x10) & 0x00000020) == 0) {
										 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000040;
										__eflags =  *(__ebp - 0x10) & 0x00000040;
										if(( *(__ebp - 0x10) & 0x00000040) == 0) {
											__ecx = __ebp + 0x14;
											__eax = E0041C290(__ebp + 0x14);
											__edx = 0;
											__eflags = 0;
											 *(__ebp - 0x4a0) = __eax;
											 *(__ebp - 0x49c) = 0;
										} else {
											__eax = __ebp + 0x14;
											__eax = E0041C290(__ebp + 0x14);
											asm("cdq");
											 *(__ebp - 0x4a0) = __eax;
											 *(__ebp - 0x49c) = __edx;
										}
									} else {
										 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000040;
										__eflags =  *(__ebp - 0x10) & 0x00000040;
										if(( *(__ebp - 0x10) & 0x00000040) == 0) {
											__ecx = __ebp + 0x14;
											E0041C290(__ebp + 0x14) = __ax & 0x0000ffff;
											asm("cdq");
											 *(__ebp - 0x4a0) = __ax & 0x0000ffff;
											 *(__ebp - 0x49c) = __edx;
										} else {
											__eax = __ebp + 0x14;
											__eax = E0041C290(__ebp + 0x14);
											__ax = __eax;
											asm("cdq");
											 *(__ebp - 0x4a0) = __eax;
											 *(__ebp - 0x49c) = __edx;
										}
									}
								} else {
									__eax = __ebp + 0x14;
									 *(__ebp - 0x4a0) = E0041C2B0(__ebp + 0x14);
									 *(__ebp - 0x49c) = __edx;
								}
							} else {
								__ecx = __ebp + 0x14;
								 *(__ebp - 0x4a0) = E0041C2B0(__ebp + 0x14);
								 *(__ebp - 0x49c) = __edx;
							}
							 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000040;
							__eflags =  *(__ebp - 0x10) & 0x00000040;
							if(( *(__ebp - 0x10) & 0x00000040) == 0) {
								goto L167;
							}
							L163:
							__eflags =  *(__ebp - 0x49c);
							if(__eflags > 0) {
								goto L167;
							}
							L164:
							if(__eflags < 0) {
								L166:
								 *(__ebp - 0x4a0) =  ~( *(__ebp - 0x4a0));
								__edx =  *(__ebp - 0x49c);
								asm("adc edx, 0x0");
								__edx =  ~( *(__ebp - 0x49c));
								 *(__ebp - 0x4a8) =  ~( *(__ebp - 0x4a0));
								 *(__ebp - 0x4a4) =  ~( *(__ebp - 0x49c));
								 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000100;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000100;
								L168:
								 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00008000;
								__eflags =  *(__ebp - 0x10) & 0x00008000;
								if(( *(__ebp - 0x10) & 0x00008000) == 0) {
									 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00001000;
									__eflags =  *(__ebp - 0x10) & 0x00001000;
									if(( *(__ebp - 0x10) & 0x00001000) == 0) {
										__edx =  *(__ebp - 0x4a8);
										__eax =  *(__ebp - 0x4a4);
										__eax =  *(__ebp - 0x4a4) & 0x00000000;
										__eflags = __eax;
										 *(__ebp - 0x4a4) = __eax;
									}
								}
								__eflags =  *(__ebp - 0x30);
								if( *(__ebp - 0x30) >= 0) {
									 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0xfffffff7;
									 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0xfffffff7;
									__eflags =  *(__ebp - 0x30) - 0x200;
									if( *(__ebp - 0x30) > 0x200) {
										 *(__ebp - 0x30) = 0x200;
									}
								} else {
									 *(__ebp - 0x30) = 1;
								}
								 *(__ebp - 0x4a8) =  *(__ebp - 0x4a8) |  *(__ebp - 0x4a4);
								__eflags =  *(__ebp - 0x4a8) |  *(__ebp - 0x4a4);
								if(( *(__ebp - 0x4a8) |  *(__ebp - 0x4a4)) == 0) {
									 *(__ebp - 0x1c) = 0;
								}
								__eax = __ebp - 0x249;
								 *(__ebp - 4) = __ebp - 0x249;
								while(1) {
									L178:
									__ecx =  *(__ebp - 0x30);
									 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
									 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
									__eflags =  *(__ebp - 0x30);
									if( *(__ebp - 0x30) > 0) {
										goto L180;
									}
									L179:
									 *(__ebp - 0x4a8) =  *(__ebp - 0x4a8) |  *(__ebp - 0x4a4);
									__eflags =  *(__ebp - 0x4a8) |  *(__ebp - 0x4a4);
									if(( *(__ebp - 0x4a8) |  *(__ebp - 0x4a4)) == 0) {
										L183:
										__ebp - 0x249 = __ebp - 0x249 -  *(__ebp - 4);
										 *(__ebp - 0x24) = __ebp - 0x249 -  *(__ebp - 4);
										__ecx =  *(__ebp - 4);
										__ecx =  *(__ebp - 4) + 1;
										 *(__ebp - 4) = __ecx;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000200;
										__eflags =  *(__ebp - 0x10) & 0x00000200;
										if(( *(__ebp - 0x10) & 0x00000200) == 0) {
											while(1) {
												L187:
												__eflags =  *(__ebp - 0x28);
												if( *(__ebp - 0x28) != 0) {
													goto L212;
												}
												L188:
												 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000040;
												__eflags =  *(__ebp - 0x10) & 0x00000040;
												if(( *(__ebp - 0x10) & 0x00000040) != 0) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000100;
													__eflags =  *(__ebp - 0x10) & 0x00000100;
													if(( *(__ebp - 0x10) & 0x00000100) == 0) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000001;
														__eflags =  *(__ebp - 0x10) & 0x00000001;
														if(( *(__ebp - 0x10) & 0x00000001) == 0) {
															 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000002;
															__eflags =  *(__ebp - 0x10) & 0x00000002;
															if(( *(__ebp - 0x10) & 0x00000002) != 0) {
																__edx = 0x20;
																 *(__ebp - 0x14) = __dx;
																 *(__ebp - 0x1c) = 1;
															}
														} else {
															__eax = 0x2b;
															 *(__ebp - 0x14) = __ax;
															 *(__ebp - 0x1c) = 1;
														}
													} else {
														__ecx = 0x2d;
														 *(__ebp - 0x14) = __cx;
														 *(__ebp - 0x1c) = 1;
													}
												}
												 *(__ebp - 0x18) =  *(__ebp - 0x18) -  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x18) -  *(__ebp - 0x24) -  *(__ebp - 0x1c);
												 *(__ebp - 0x4ac) =  *(__ebp - 0x18) -  *(__ebp - 0x24) -  *(__ebp - 0x1c);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x0000000c;
												__eflags =  *(__ebp - 0x10) & 0x0000000c;
												if(( *(__ebp - 0x10) & 0x0000000c) == 0) {
													__edx = __ebp - 0x44c;
													__eax =  *(__ebp + 8);
													__ecx =  *(__ebp - 0x4ac);
													__eax = E00423FF0(0x20,  *(__ebp - 0x4ac),  *(__ebp + 8), __ebp - 0x44c);
												}
												__edx = __ebp - 0x44c;
												__eax =  *(__ebp + 8);
												__ecx =  *(__ebp - 0x1c);
												__edx = __ebp - 0x14;
												E00424030( *(__ebp - 0x1c), __ebp - 0x14,  *(__ebp - 0x1c),  *(__ebp + 8), __ebp - 0x44c) =  *(__ebp - 0x10);
												__eax =  *(__ebp - 0x10) & 0x00000008;
												__eflags =  *(__ebp - 0x10) & 0x00000008;
												if(( *(__ebp - 0x10) & 0x00000008) != 0) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000004;
													__eflags =  *(__ebp - 0x10) & 0x00000004;
													if(( *(__ebp - 0x10) & 0x00000004) == 0) {
														__edx = __ebp - 0x44c;
														__eax =  *(__ebp + 8);
														__ecx =  *(__ebp - 0x4ac);
														__eax = E00423FF0(0x30,  *(__ebp - 0x4ac),  *(__ebp + 8), __ebp - 0x44c);
													}
												}
												__eflags =  *(__ebp - 0xc);
												if( *(__ebp - 0xc) != 0) {
													L208:
													__edx = __ebp - 0x44c;
													__eax =  *(__ebp + 8);
													__ecx =  *(__ebp - 0x24);
													__edx =  *(__ebp - 4);
													__eax = E00424030(__ecx,  *(__ebp - 4), __ecx,  *(__ebp + 8), __ebp - 0x44c);
													goto L209;
												} else {
													L201:
													__eflags =  *(__ebp - 0x24);
													if( *(__ebp - 0x24) <= 0) {
														goto L208;
													}
													L202:
													__edx =  *(__ebp - 4);
													 *(__ebp - 0x4b0) =  *(__ebp - 4);
													__eax =  *(__ebp - 0x24);
													 *(__ebp - 0x4b4) =  *(__ebp - 0x24);
													while(1) {
														L203:
														__ecx =  *(__ebp - 0x4b4);
														 *(__ebp - 0x4b4) =  *(__ebp - 0x4b4) - 1;
														 *(__ebp - 0x4b4) =  *(__ebp - 0x4b4) - 1;
														__eflags = __ecx;
														if(__ecx <= 0) {
															break;
														}
														L204:
														__ecx = __ebp - 0x40;
														__eax = E0040D3B0(__ebp - 0x40);
														__ecx = __ebp - 0x40;
														E0040D3B0(__ebp - 0x40) =  *__eax;
														__ecx =  *(__ebp - 0x458 + 0xac);
														__edx =  *(__ebp - 0x4b0);
														__eax = __ebp - 0x458;
														 *(__ebp - 0x4b8) = E00419150(__ebp - 0x458,  *(__ebp - 0x4b0),  *(__ebp - 0x458 + 0xac), __ebp - 0x458);
														__eflags =  *(__ebp - 0x4b8);
														if( *(__ebp - 0x4b8) > 0) {
															L206:
															__ecx = __ebp - 0x44c;
															__edx =  *(__ebp + 8);
															 *(__ebp - 0x458) & 0x0000ffff = E00423F90( *(__ebp - 0x458) & 0x0000ffff,  *(__ebp + 8), __ebp - 0x44c);
															 *(__ebp - 0x4b0) =  *(__ebp - 0x4b0) +  *(__ebp - 0x4b8);
															 *(__ebp - 0x4b0) =  *(__ebp - 0x4b0) +  *(__ebp - 0x4b8);
															continue;
														}
														L205:
														 *(__ebp - 0x44c) = 0xffffffff;
														break;
													}
													L207:
													L209:
													__eflags =  *(__ebp - 0x44c);
													if( *(__ebp - 0x44c) >= 0) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000004;
														__eflags =  *(__ebp - 0x10) & 0x00000004;
														if(( *(__ebp - 0x10) & 0x00000004) != 0) {
															__ecx = __ebp - 0x44c;
															__edx =  *(__ebp + 8);
															 *(__ebp - 0x4ac) = E00423FF0(0x20,  *(__ebp - 0x4ac),  *(__ebp + 8), __ebp - 0x44c);
														}
													}
												}
												L212:
												__eflags =  *(__ebp - 0x20);
												if( *(__ebp - 0x20) != 0) {
													__ecx =  *(__ebp - 0x20);
													__eax = L0040C240( *(__ebp - 0x20), 2);
													 *(__ebp - 0x20) = 0;
												}
												while(1) {
													L214:
													 *(_t525 - 0x454) =  *((intOrPtr*)( *((intOrPtr*)(_t525 + 0xc))));
													_t502 =  *(_t525 - 0x454) & 0x0000ffff;
													 *((intOrPtr*)(_t525 + 0xc)) =  *((intOrPtr*)(_t525 + 0xc)) + 2;
													if(( *(_t525 - 0x454) & 0x0000ffff) == 0 ||  *(_t525 - 0x44c) < 0) {
														break;
													} else {
														if(( *(_t525 - 0x454) & 0x0000ffff) < 0x20 || ( *(_t525 - 0x454) & 0x0000ffff) > 0x78) {
															 *(_t525 - 0x4d8) = 0;
														} else {
															 *(_t525 - 0x4d8) =  *(( *(_t525 - 0x454) & 0x0000ffff) + L"pecifier\", 0)") & 0xf;
														}
													}
													L7:
													 *(_t525 - 0x450) =  *(_t525 - 0x4d8);
													_t519 =  *(_t525 - 0x450) * 9;
													_t490 =  *(_t525 - 0x45c);
													_t510 = ( *(_t519 + _t490 + 0x4083d0) & 0x000000ff) >> 4;
													 *(_t525 - 0x45c) = ( *(_t519 + _t490 + 0x4083d0) & 0x000000ff) >> 4;
													if( *(_t525 - 0x45c) != 8) {
														L16:
														 *(_t525 - 0x4e0) =  *(_t525 - 0x45c);
														__eflags =  *(_t525 - 0x4e0) - 7;
														if( *(_t525 - 0x4e0) > 7) {
															continue;
														}
														L17:
														switch( *((intOrPtr*)( *(_t525 - 0x4e0) * 4 +  &M00423E84))) {
															case 0:
																L18:
																 *(_t525 - 0xc) = 1;
																E00423F90( *(_t525 - 0x454) & 0x0000ffff,  *((intOrPtr*)(_t525 + 8)), _t525 - 0x44c);
																_t527 = _t527 + 0xc;
																goto L214;
															case 1:
																L19:
																 *(__ebp - 0x2c) = 0;
																__ecx =  *(__ebp - 0x2c);
																 *(__ebp - 0x28) = __ecx;
																__edx =  *(__ebp - 0x28);
																 *(__ebp - 0x18) =  *(__ebp - 0x28);
																__eax =  *(__ebp - 0x18);
																 *(__ebp - 0x1c) =  *(__ebp - 0x18);
																 *(__ebp - 0x10) = 0;
																 *(__ebp - 0x30) = 0xffffffff;
																 *(__ebp - 0xc) = 0;
																goto L214;
															case 2:
																L20:
																__ecx =  *(__ebp - 0x454) & 0x0000ffff;
																 *(__ebp - 0x4e4) = __ecx;
																 *(__ebp - 0x4e4) =  *(__ebp - 0x4e4) - 0x20;
																 *(__ebp - 0x4e4) =  *(__ebp - 0x4e4) - 0x20;
																__eflags =  *(__ebp - 0x4e4) - 0x10;
																if( *(__ebp - 0x4e4) > 0x10) {
																	goto L27;
																}
																L21:
																_t57 =  *(__ebp - 0x4e4) + 0x423ebc; // 0x498d04
																__ecx =  *_t57 & 0x000000ff;
																switch( *((intOrPtr*)(__ecx * 4 +  &M00423EA4))) {
																	case 0:
																		goto L24;
																	case 1:
																		goto L25;
																	case 2:
																		goto L23;
																	case 3:
																		goto L22;
																	case 4:
																		goto L26;
																	case 5:
																		goto L27;
																}
															case 3:
																L28:
																__ecx =  *(__ebp - 0x454) & 0x0000ffff;
																__eflags = ( *(__ebp - 0x454) & 0x0000ffff) - 0x2a;
																if(( *(__ebp - 0x454) & 0x0000ffff) != 0x2a) {
																	__edx =  *(__ebp - 0x18);
																	__edx =  *(__ebp - 0x18) * 0xa;
																	__eflags = __edx;
																	_t81 = ( *(__ebp - 0x454) & 0x0000ffff) - 0x30; // -48
																	__ecx = __edx + _t81;
																	 *(__ebp - 0x18) = __ecx;
																} else {
																	__edx = __ebp + 0x14;
																	 *(__ebp - 0x18) = E0041C290(__ebp + 0x14);
																	__eflags =  *(__ebp - 0x18);
																	if( *(__ebp - 0x18) < 0) {
																		__eax =  *(__ebp - 0x10);
																		__eax =  *(__ebp - 0x10) | 0x00000004;
																		__eflags = __eax;
																		 *(__ebp - 0x10) = __eax;
																		__ecx =  *(__ebp - 0x18);
																		__ecx =  ~( *(__ebp - 0x18));
																		 *(__ebp - 0x18) = __ecx;
																	}
																}
																L33:
																goto L214;
															case 4:
																L34:
																 *(__ebp - 0x30) = 0;
																goto L214;
															case 5:
																L35:
																__edx =  *(__ebp - 0x454) & 0x0000ffff;
																__eflags = ( *(__ebp - 0x454) & 0x0000ffff) - 0x2a;
																if(( *(__ebp - 0x454) & 0x0000ffff) != 0x2a) {
																	__ecx =  *(__ebp - 0x30);
																	__ecx =  *(__ebp - 0x30) * 0xa;
																	__eflags = __ecx;
																	_t92 = ( *(__ebp - 0x454) & 0x0000ffff) - 0x30; // -48
																	__eax = __ecx + _t92;
																	 *(__ebp - 0x30) = __ecx + _t92;
																} else {
																	__eax = __ebp + 0x14;
																	 *(__ebp - 0x30) = E0041C290(__ebp + 0x14);
																	__eflags =  *(__ebp - 0x30);
																	if( *(__ebp - 0x30) < 0) {
																		 *(__ebp - 0x30) = 0xffffffff;
																	}
																}
																goto L214;
															case 6:
																L41:
																__ecx =  *(__ebp - 0x454) & 0x0000ffff;
																 *(__ebp - 0x4e8) = __ecx;
																 *(__ebp - 0x4e8) =  *(__ebp - 0x4e8) - 0x49;
																 *(__ebp - 0x4e8) =  *(__ebp - 0x4e8) - 0x49;
																__eflags =  *(__ebp - 0x4e8) - 0x2e;
																if( *(__ebp - 0x4e8) > 0x2e) {
																	L64:
																	goto L214;
																}
																L42:
																_t100 =  *(__ebp - 0x4e8) + 0x423ee4; // 0x36f19003
																__ecx =  *_t100 & 0x000000ff;
																switch( *((intOrPtr*)(__ecx * 4 +  &M00423ED0))) {
																	case 0:
																		L47:
																		__ecx =  *(__ebp + 0xc);
																		__edx =  *( *(__ebp + 0xc)) & 0x0000ffff;
																		__eflags = ( *( *(__ebp + 0xc)) & 0x0000ffff) - 0x36;
																		if(( *( *(__ebp + 0xc)) & 0x0000ffff) != 0x36) {
																			L50:
																			__ecx =  *(__ebp + 0xc);
																			__edx =  *( *(__ebp + 0xc)) & 0x0000ffff;
																			__eflags = ( *( *(__ebp + 0xc)) & 0x0000ffff) - 0x33;
																			if(( *( *(__ebp + 0xc)) & 0x0000ffff) != 0x33) {
																				L53:
																				__ecx =  *(__ebp + 0xc);
																				__edx =  *__ecx & 0x0000ffff;
																				__eflags = ( *__ecx & 0x0000ffff) - 0x64;
																				if(( *__ecx & 0x0000ffff) == 0x64) {
																					L59:
																					L61:
																					goto L64;
																				}
																				L54:
																				__eax =  *(__ebp + 0xc);
																				__ecx =  *( *(__ebp + 0xc)) & 0x0000ffff;
																				__eflags = __ecx - 0x69;
																				if(__ecx == 0x69) {
																					goto L59;
																				}
																				L55:
																				__edx =  *(__ebp + 0xc);
																				__eax =  *( *(__ebp + 0xc)) & 0x0000ffff;
																				__eflags = ( *( *(__ebp + 0xc)) & 0x0000ffff) - 0x6f;
																				if(( *( *(__ebp + 0xc)) & 0x0000ffff) == 0x6f) {
																					goto L59;
																				}
																				L56:
																				__ecx =  *(__ebp + 0xc);
																				__edx =  *__ecx & 0x0000ffff;
																				__eflags = ( *__ecx & 0x0000ffff) - 0x75;
																				if(( *__ecx & 0x0000ffff) == 0x75) {
																					goto L59;
																				}
																				L57:
																				__eax =  *(__ebp + 0xc);
																				__ecx =  *( *(__ebp + 0xc)) & 0x0000ffff;
																				__eflags = __ecx - 0x78;
																				if(__ecx == 0x78) {
																					goto L59;
																				}
																				L58:
																				__edx =  *(__ebp + 0xc);
																				__eax =  *( *(__ebp + 0xc)) & 0x0000ffff;
																				__eflags = ( *( *(__ebp + 0xc)) & 0x0000ffff) - 0x58;
																				if(( *( *(__ebp + 0xc)) & 0x0000ffff) != 0x58) {
																					 *(__ebp - 0x45c) = 0;
																					goto L18;
																				}
																				goto L59;
																			}
																			L51:
																			__eax =  *(__ebp + 0xc);
																			__ecx =  *( *(__ebp + 0xc) + 2) & 0x0000ffff;
																			__eflags = __ecx - 0x32;
																			if(__ecx != 0x32) {
																				goto L53;
																			} else {
																				 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
																				 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
																				 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0xffff7fff;
																				 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0xffff7fff;
																				goto L61;
																			}
																		}
																		L48:
																		__eax =  *(__ebp + 0xc);
																		__ecx =  *( *(__ebp + 0xc) + 2) & 0x0000ffff;
																		__eflags = __ecx - 0x34;
																		if(__ecx != 0x34) {
																			goto L50;
																		} else {
																			 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
																			 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00008000;
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00008000;
																			goto L61;
																		}
																	case 1:
																		L62:
																		__ecx =  *(__ebp - 0x10);
																		__ecx =  *(__ebp - 0x10) | 0x00000020;
																		 *(__ebp - 0x10) = __ecx;
																		goto L64;
																	case 2:
																		L43:
																		__edx =  *(__ebp + 0xc);
																		__eax =  *( *(__ebp + 0xc)) & 0x0000ffff;
																		__eflags = ( *( *(__ebp + 0xc)) & 0x0000ffff) - 0x6c;
																		if(( *( *(__ebp + 0xc)) & 0x0000ffff) != 0x6c) {
																			__eax =  *(__ebp - 0x10);
																			__eax =  *(__ebp - 0x10) | 0x00000010;
																			__eflags = __eax;
																			 *(__ebp - 0x10) = __eax;
																		} else {
																			__ecx =  *(__ebp + 0xc);
																			__ecx =  *(__ebp + 0xc) + 2;
																			 *(__ebp + 0xc) = __ecx;
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00001000;
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00001000;
																		}
																		goto L64;
																	case 3:
																		L63:
																		__edx =  *(__ebp - 0x10);
																		__edx =  *(__ebp - 0x10) | 0x00000800;
																		__eflags = __edx;
																		 *(__ebp - 0x10) = __edx;
																		goto L64;
																	case 4:
																		goto L64;
																}
															case 7:
																L65:
																__eax =  *(__ebp - 0x454) & 0x0000ffff;
																 *(__ebp - 0x4ec) =  *(__ebp - 0x454) & 0x0000ffff;
																__ecx =  *(__ebp - 0x4ec);
																__ecx =  *(__ebp - 0x4ec) - 0x41;
																 *(__ebp - 0x4ec) = __ecx;
																__eflags =  *(__ebp - 0x4ec) - 0x37;
																if( *(__ebp - 0x4ec) > 0x37) {
																	while(1) {
																		L187:
																		__eflags =  *(__ebp - 0x28);
																		if( *(__ebp - 0x28) != 0) {
																			goto L212;
																		}
																		goto L188;
																	}
																}
																L66:
																_t141 =  *(__ebp - 0x4ec) + 0x423f50; // 0xcccccc0d
																__eax =  *_t141 & 0x000000ff;
																switch( *((intOrPtr*)(( *_t141 & 0x000000ff) * 4 +  &M00423F14))) {
																	case 0:
																		L120:
																		 *(__ebp - 0x2c) = 1;
																		 *(__ebp - 0x454) & 0x0000ffff = ( *(__ebp - 0x454) & 0x0000ffff) + 0x20;
																		__eflags = ( *(__ebp - 0x454) & 0x0000ffff) + 0x20;
																		 *(__ebp - 0x454) = __ax;
																		goto L121;
																	case 1:
																		L67:
																		 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000830;
																		__eflags =  *(__ebp - 0x10) & 0x00000830;
																		if(( *(__ebp - 0x10) & 0x00000830) == 0) {
																			__edx =  *(__ebp - 0x10);
																			__edx =  *(__ebp - 0x10) | 0x00000020;
																			__eflags = __edx;
																			 *(__ebp - 0x10) = __edx;
																		}
																		goto L69;
																	case 2:
																		L82:
																		 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000830;
																		__eflags =  *(__ebp - 0x10) & 0x00000830;
																		if(( *(__ebp - 0x10) & 0x00000830) == 0) {
																			__ecx =  *(__ebp - 0x10);
																			__ecx =  *(__ebp - 0x10) | 0x00000020;
																			__eflags = __ecx;
																			 *(__ebp - 0x10) = __ecx;
																		}
																		goto L84;
																	case 3:
																		L144:
																		 *(__ebp - 0x460) = 7;
																		L145:
																		 *(__ebp - 8) = 0x10;
																		 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000080;
																		__eflags =  *(__ebp - 0x10) & 0x00000080;
																		if(( *(__ebp - 0x10) & 0x00000080) != 0) {
																			__edx = 0x30;
																			 *(__ebp - 0x14) = __dx;
																			 *(__ebp - 0x460) =  *(__ebp - 0x460) + 0x51;
																			__eflags =  *(__ebp - 0x460) + 0x51;
																			 *(__ebp - 0x12) = __ax;
																			 *(__ebp - 0x1c) = 2;
																		}
																		goto L150;
																	case 4:
																		L75:
																		__eax = __ebp + 0x14;
																		 *(__ebp - 0x474) = E0041C290(__ebp + 0x14);
																		__eflags =  *(__ebp - 0x474);
																		if( *(__ebp - 0x474) == 0) {
																			L77:
																			__edx =  *0x60b4f0; // 0x407424
																			 *(__ebp - 4) = __edx;
																			__eax =  *(__ebp - 4);
																			 *(__ebp - 0x24) = E0040DC40( *(__ebp - 4));
																			L81:
																			goto L187;
																		}
																		L76:
																		__ecx =  *(__ebp - 0x474);
																		__eflags =  *(__ecx + 4);
																		if( *(__ecx + 4) != 0) {
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000800;
																			__eflags =  *(__ebp - 0x10) & 0x00000800;
																			if(( *(__ebp - 0x10) & 0x00000800) == 0) {
																				 *(__ebp - 0xc) = 0;
																				__edx =  *(__ebp - 0x474);
																				__eax =  *(__edx + 4);
																				 *(__ebp - 4) =  *(__edx + 4);
																				__ecx =  *(__ebp - 0x474);
																				__edx =  *__ecx;
																				 *(__ebp - 0x24) =  *__ecx;
																			} else {
																				__edx =  *(__ebp - 0x474);
																				__eax =  *(__edx + 4);
																				 *(__ebp - 4) =  *(__edx + 4);
																				__ecx =  *(__ebp - 0x474);
																				__eax =  *__ecx;
																				asm("cdq");
																				 *__ecx - __edx =  *__ecx - __edx >> 1;
																				 *(__ebp - 0x24) =  *__ecx - __edx >> 1;
																				 *(__ebp - 0xc) = 1;
																			}
																			goto L81;
																		}
																		goto L77;
																	case 5:
																		L121:
																		 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000040;
																		 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000040;
																		__edx = __ebp - 0x448;
																		 *(__ebp - 4) = __ebp - 0x448;
																		 *(__ebp - 0x44) = 0x200;
																		__eflags =  *(__ebp - 0x30);
																		if( *(__ebp - 0x30) >= 0) {
																			L123:
																			__eflags =  *(__ebp - 0x30);
																			if( *(__ebp - 0x30) != 0) {
																				L126:
																				__eflags =  *(__ebp - 0x30) - 0x200;
																				if( *(__ebp - 0x30) > 0x200) {
																					 *(__ebp - 0x30) = 0x200;
																				}
																				L128:
																				__eflags =  *(__ebp - 0x30) - 0xa3;
																				if( *(__ebp - 0x30) > 0xa3) {
																					__ecx =  *(__ebp - 0x30);
																					__ecx =  *(__ebp - 0x30) + 0x15d;
																					 *(__ebp - 0x20) = L0040B5C0( *(__ebp - 0x30) + 0x15d,  *(__ebp - 0x30) + 0x15d, 2, "f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c", 0x6da);
																					__eflags =  *(__ebp - 0x20);
																					if( *(__ebp - 0x20) == 0) {
																						 *(__ebp - 0x30) = 0xa3;
																					} else {
																						__edx =  *(__ebp - 0x20);
																						 *(__ebp - 4) =  *(__ebp - 0x20);
																						 *(__ebp - 0x30) =  *(__ebp - 0x30) + 0x15d;
																						 *(__ebp - 0x44) =  *(__ebp - 0x30) + 0x15d;
																					}
																				}
																				 *(__ebp + 0x14) =  *(__ebp + 0x14) + 8;
																				 *(__ebp + 0x14) =  *(__ebp + 0x14) + 8;
																				__edx =  *(__ebp + 0x14);
																				__eax =  *(__edx - 8);
																				__ecx =  *(__edx - 4);
																				 *(__ebp - 0x490) =  *(__edx - 8);
																				 *(__ebp - 0x48c) =  *(__edx - 4);
																				__ecx = __ebp - 0x40;
																				_push(E0040D3B0(__ebp - 0x40));
																				__edx =  *(__ebp - 0x2c);
																				_push( *(__ebp - 0x2c));
																				__eax =  *(__ebp - 0x30);
																				_push( *(__ebp - 0x30));
																				__ecx =  *(__ebp - 0x454);
																				_push( *(__ebp - 0x454));
																				__edx =  *(__ebp - 0x44);
																				_push( *(__ebp - 0x44));
																				__eax =  *(__ebp - 4);
																				_push( *(__ebp - 4));
																				__ecx = __ebp - 0x490;
																				_push(__ebp - 0x490);
																				__edx =  *0x60b3cc; // 0x7e8c4bdb
																				E00410200(__edx) =  *__eax();
																				__esp = __esp + 0x1c;
																				 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000080;
																				__eflags =  *(__ebp - 0x10) & 0x00000080;
																				if(( *(__ebp - 0x10) & 0x00000080) != 0) {
																					__eflags =  *(__ebp - 0x30);
																					if( *(__ebp - 0x30) == 0) {
																						__ecx = __ebp - 0x40;
																						_push(E0040D3B0(__ebp - 0x40));
																						__ecx =  *(__ebp - 4);
																						_push( *(__ebp - 4));
																						__edx =  *0x60b3d8; // 0x7e8c4bdb
																						E00410200(__edx) =  *__eax();
																						__esp = __esp + 8;
																					}
																				}
																				__eax =  *(__ebp - 0x454) & 0x0000ffff;
																				__eflags = ( *(__ebp - 0x454) & 0x0000ffff) - 0x67;
																				if(( *(__ebp - 0x454) & 0x0000ffff) == 0x67) {
																					 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000080;
																					__eflags =  *(__ebp - 0x10) & 0x00000080;
																					if(( *(__ebp - 0x10) & 0x00000080) == 0) {
																						__ecx = __ebp - 0x40;
																						_push(E0040D3B0(__ebp - 0x40));
																						__edx =  *(__ebp - 4);
																						_push( *(__ebp - 4));
																						__eax =  *0x60b3d4; // 0x7e8c4bdb
																						__eax =  *__eax();
																						__esp = __esp + 8;
																					}
																				}
																				__ecx =  *(__ebp - 4);
																				__edx =  *( *(__ebp - 4));
																				__eflags =  *( *(__ebp - 4)) - 0x2d;
																				if( *( *(__ebp - 4)) == 0x2d) {
																					 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000100;
																					 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000100;
																					__ecx =  *(__ebp - 4);
																					__ecx =  *(__ebp - 4) + 1;
																					__eflags = __ecx;
																					 *(__ebp - 4) = __ecx;
																				}
																				__edx =  *(__ebp - 4);
																				 *(__ebp - 0x24) = E0040DC40( *(__ebp - 4));
																				do {
																					L187:
																					__eflags =  *(__ebp - 0x28);
																					if( *(__ebp - 0x28) != 0) {
																						goto L212;
																					}
																					goto L188;
																				} while ( *(__ebp - 0x4ec) > 0x37);
																				goto L66;
																			}
																			L124:
																			__eax =  *(__ebp - 0x454) & 0x0000ffff;
																			__eflags = ( *(__ebp - 0x454) & 0x0000ffff) - 0x67;
																			if(( *(__ebp - 0x454) & 0x0000ffff) != 0x67) {
																				goto L126;
																			}
																			L125:
																			 *(__ebp - 0x30) = 1;
																			goto L128;
																		}
																		L122:
																		 *(__ebp - 0x30) = 6;
																		goto L128;
																	case 6:
																		L69:
																		 *(__ebp - 0xc) = 1;
																		__ebp + 0x14 = E0041C290(__ebp + 0x14);
																		 *(__ebp - 0x458) = __ax;
																		__ecx =  *(__ebp - 0x10);
																		__ecx =  *(__ebp - 0x10) & 0x00000020;
																		__eflags = __ecx;
																		if(__ecx == 0) {
																			__cx =  *(__ebp - 0x458);
																			 *(__ebp - 0x448) = __cx;
																		} else {
																			 *(__ebp - 0x458) & 0x0000ffff =  *(__ebp - 0x458) & 0xff;
																			 *(__ebp - 0x470) = __dl;
																			 *((char*)(__ebp - 0x46f)) = 0;
																			__ecx = __ebp - 0x40;
																			__eax = E0040D3B0(__ebp - 0x40);
																			__ecx = __ebp - 0x40;
																			E0040D3B0(__ebp - 0x40) =  *__eax;
																			__ecx =  *(__ebp - 0x448 + 0xac);
																			__edx = __ebp - 0x470;
																			__eax = __ebp - 0x448;
																			__eax = E00419150(__ebp - 0x448, __ebp - 0x470,  *(__ebp - 0x448 + 0xac), __ebp - 0x448);
																			__eflags = __eax;
																			if(__eax < 0) {
																				 *(__ebp - 0x28) = 1;
																			}
																		}
																		__edx = __ebp - 0x448;
																		 *(__ebp - 4) = __ebp - 0x448;
																		 *(__ebp - 0x24) = 1;
																		while(1) {
																			L187:
																			__eflags =  *(__ebp - 0x28);
																			if( *(__ebp - 0x28) != 0) {
																				goto L212;
																			}
																			goto L188;
																		}
																	case 7:
																		L141:
																		 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000040;
																		 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000040;
																		 *(__ebp - 8) = 0xa;
																		L150:
																		 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00008000;
																		__eflags =  *(__ebp - 0x10) & 0x00008000;
																		if(( *(__ebp - 0x10) & 0x00008000) == 0) {
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00001000;
																			__eflags =  *(__ebp - 0x10) & 0x00001000;
																			if(( *(__ebp - 0x10) & 0x00001000) == 0) {
																				 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000020;
																				__eflags =  *(__ebp - 0x10) & 0x00000020;
																				if(( *(__ebp - 0x10) & 0x00000020) == 0) {
																					 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000040;
																					__eflags =  *(__ebp - 0x10) & 0x00000040;
																					if(( *(__ebp - 0x10) & 0x00000040) == 0) {
																						__ecx = __ebp + 0x14;
																						__eax = E0041C290(__ebp + 0x14);
																						__edx = 0;
																						__eflags = 0;
																						 *(__ebp - 0x4a0) = __eax;
																						 *(__ebp - 0x49c) = 0;
																					} else {
																						__eax = __ebp + 0x14;
																						__eax = E0041C290(__ebp + 0x14);
																						asm("cdq");
																						 *(__ebp - 0x4a0) = __eax;
																						 *(__ebp - 0x49c) = __edx;
																					}
																				} else {
																					 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000040;
																					__eflags =  *(__ebp - 0x10) & 0x00000040;
																					if(( *(__ebp - 0x10) & 0x00000040) == 0) {
																						__ecx = __ebp + 0x14;
																						E0041C290(__ebp + 0x14) = __ax & 0x0000ffff;
																						asm("cdq");
																						 *(__ebp - 0x4a0) = __ax & 0x0000ffff;
																						 *(__ebp - 0x49c) = __edx;
																					} else {
																						__eax = __ebp + 0x14;
																						__eax = E0041C290(__ebp + 0x14);
																						__ax = __eax;
																						asm("cdq");
																						 *(__ebp - 0x4a0) = __eax;
																						 *(__ebp - 0x49c) = __edx;
																					}
																				}
																			} else {
																				__eax = __ebp + 0x14;
																				 *(__ebp - 0x4a0) = E0041C2B0(__ebp + 0x14);
																				 *(__ebp - 0x49c) = __edx;
																			}
																		} else {
																			__ecx = __ebp + 0x14;
																			 *(__ebp - 0x4a0) = E0041C2B0(__ebp + 0x14);
																			 *(__ebp - 0x49c) = __edx;
																		}
																		 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000040;
																		__eflags =  *(__ebp - 0x10) & 0x00000040;
																		if(( *(__ebp - 0x10) & 0x00000040) == 0) {
																			goto L167;
																		}
																	case 8:
																		L106:
																		__eax = __ebp + 0x14;
																		 *(__ebp - 0x484) = E0041C290(__ebp + 0x14);
																		__eax = E00420F80();
																		__eflags = __eax;
																		if(__eax != 0) {
																			L116:
																			__ecx =  *(__ebp - 0x10);
																			__ecx =  *(__ebp - 0x10) & 0x00000020;
																			__eflags = __ecx;
																			if(__ecx == 0) {
																				__ecx =  *(__ebp - 0x484);
																				__edx =  *(__ebp - 0x44c);
																				 *__ecx =  *(__ebp - 0x44c);
																			} else {
																				__edx =  *(__ebp - 0x484);
																				__ax =  *(__ebp - 0x44c);
																				 *( *(__ebp - 0x484)) = __ax;
																			}
																			 *(__ebp - 0x28) = 1;
																			while(1) {
																				L187:
																				__eflags =  *(__ebp - 0x28);
																				if( *(__ebp - 0x28) != 0) {
																					goto L212;
																				}
																				goto L188;
																			}
																		}
																		L107:
																		__ecx = 0;
																		__eflags = 0;
																		if(0 == 0) {
																			 *(__ebp - 0x4f4) = 0;
																		} else {
																			 *(__ebp - 0x4f4) = 1;
																		}
																		__edx =  *(__ebp - 0x4f4);
																		 *(__ebp - 0x488) =  *(__ebp - 0x4f4);
																		__eflags =  *(__ebp - 0x488);
																		if( *(__ebp - 0x488) == 0) {
																			_push(L"(\"\'n\' format specifier disabled\", 0)");
																			_push(0);
																			_push(0x695);
																			_push(L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c");
																			_push(2);
																			__eax = L0040E1A0();
																			__esp = __esp + 0x14;
																			__eflags = __eax - 1;
																			if(__eax == 1) {
																				asm("int3");
																			}
																		}
																		__eflags =  *(__ebp - 0x488);
																		if( *(__ebp - 0x488) != 0) {
																			L115:
																			while(1) {
																				L187:
																				__eflags =  *(__ebp - 0x28);
																				if( *(__ebp - 0x28) != 0) {
																					goto L212;
																				}
																				goto L188;
																			}
																		} else {
																			L114:
																			 *((intOrPtr*)(L0040EC70(__ecx))) = 0x16;
																			__eax = E00411A50(__ebx, __ecx, __edi, __esi, L"(\"\'n\' format specifier disabled\", 0)", L"_woutput_s_l", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c", 0x695, 0);
																			 *(__ebp - 0x4cc) = 0xffffffff;
																			__ecx = __ebp - 0x40;
																			__eax = E0040D380(__ecx);
																			__eax =  *(__ebp - 0x4cc);
																			goto L225;
																		}
																	case 9:
																		L148:
																		 *(__ebp - 8) = 8;
																		 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000080;
																		__eflags =  *(__ebp - 0x10) & 0x00000080;
																		if(( *(__ebp - 0x10) & 0x00000080) != 0) {
																			__edx =  *(__ebp - 0x10);
																			__edx =  *(__ebp - 0x10) | 0x00000200;
																			__eflags = __edx;
																			 *(__ebp - 0x10) = __edx;
																		}
																		while(1) {
																			L150:
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00008000;
																			__eflags =  *(__ebp - 0x10) & 0x00008000;
																			if(( *(__ebp - 0x10) & 0x00008000) == 0) {
																				 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00001000;
																				__eflags =  *(__ebp - 0x10) & 0x00001000;
																				if(( *(__ebp - 0x10) & 0x00001000) == 0) {
																					 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000020;
																					__eflags =  *(__ebp - 0x10) & 0x00000020;
																					if(( *(__ebp - 0x10) & 0x00000020) == 0) {
																						 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000040;
																						__eflags =  *(__ebp - 0x10) & 0x00000040;
																						if(( *(__ebp - 0x10) & 0x00000040) == 0) {
																							__ecx = __ebp + 0x14;
																							__eax = E0041C290(__ebp + 0x14);
																							__edx = 0;
																							__eflags = 0;
																							 *(__ebp - 0x4a0) = __eax;
																							 *(__ebp - 0x49c) = 0;
																						} else {
																							__eax = __ebp + 0x14;
																							__eax = E0041C290(__ebp + 0x14);
																							asm("cdq");
																							 *(__ebp - 0x4a0) = __eax;
																							 *(__ebp - 0x49c) = __edx;
																						}
																					} else {
																						 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000040;
																						__eflags =  *(__ebp - 0x10) & 0x00000040;
																						if(( *(__ebp - 0x10) & 0x00000040) == 0) {
																							__ecx = __ebp + 0x14;
																							E0041C290(__ebp + 0x14) = __ax & 0x0000ffff;
																							asm("cdq");
																							 *(__ebp - 0x4a0) = __ax & 0x0000ffff;
																							 *(__ebp - 0x49c) = __edx;
																						} else {
																							__eax = __ebp + 0x14;
																							__eax = E0041C290(__ebp + 0x14);
																							__ax = __eax;
																							asm("cdq");
																							 *(__ebp - 0x4a0) = __eax;
																							 *(__ebp - 0x49c) = __edx;
																						}
																					}
																				} else {
																					__eax = __ebp + 0x14;
																					 *(__ebp - 0x4a0) = E0041C2B0(__ebp + 0x14);
																					 *(__ebp - 0x49c) = __edx;
																				}
																			} else {
																				__ecx = __ebp + 0x14;
																				 *(__ebp - 0x4a0) = E0041C2B0(__ebp + 0x14);
																				 *(__ebp - 0x49c) = __edx;
																			}
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000040;
																			__eflags =  *(__ebp - 0x10) & 0x00000040;
																			if(( *(__ebp - 0x10) & 0x00000040) == 0) {
																				goto L167;
																			}
																			goto L163;
																		}
																	case 0xa:
																		L143:
																		 *(__ebp - 0x30) = 8;
																		goto L144;
																	case 0xb:
																		L84:
																		__eflags =  *(__ebp - 0x30) - 0xffffffff;
																		if( *(__ebp - 0x30) != 0xffffffff) {
																			__edx =  *(__ebp - 0x30);
																			 *(__ebp - 0x4f0) =  *(__ebp - 0x30);
																		} else {
																			 *(__ebp - 0x4f0) = 0x7fffffff;
																		}
																		__eax =  *(__ebp - 0x4f0);
																		 *(__ebp - 0x47c) =  *(__ebp - 0x4f0);
																		__ecx = __ebp + 0x14;
																		 *(__ebp - 4) = E0041C290(__ebp + 0x14);
																		 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000020;
																		__eflags =  *(__ebp - 0x10) & 0x00000020;
																		if(( *(__ebp - 0x10) & 0x00000020) == 0) {
																			L98:
																			__eflags =  *(__ebp - 4);
																			if( *(__ebp - 4) == 0) {
																				__ecx =  *0x60b4f4; // 0x407414
																				 *(__ebp - 4) = __ecx;
																			}
																			 *(__ebp - 0xc) = 1;
																			__edx =  *(__ebp - 4);
																			 *(__ebp - 0x480) =  *(__ebp - 4);
																			while(1) {
																				L101:
																				__eax =  *(__ebp - 0x47c);
																				__ecx =  *(__ebp - 0x47c);
																				__ecx =  *(__ebp - 0x47c) - 1;
																				 *(__ebp - 0x47c) = __ecx;
																				__eflags =  *(__ebp - 0x47c);
																				if( *(__ebp - 0x47c) == 0) {
																					break;
																				}
																				L102:
																				__edx =  *(__ebp - 0x480);
																				__eax =  *( *(__ebp - 0x480)) & 0x0000ffff;
																				__eflags =  *( *(__ebp - 0x480)) & 0x0000ffff;
																				if(( *( *(__ebp - 0x480)) & 0x0000ffff) == 0) {
																					break;
																				}
																				L103:
																				 *(__ebp - 0x480) =  *(__ebp - 0x480) + 2;
																				 *(__ebp - 0x480) =  *(__ebp - 0x480) + 2;
																			}
																			L104:
																			__edx =  *(__ebp - 0x480);
																			__edx =  *(__ebp - 0x480) -  *(__ebp - 4);
																			__eflags = __edx;
																			 *(__ebp - 0x24) = __edx;
																			goto L105;
																		} else {
																			L88:
																			__eflags =  *(__ebp - 4);
																			if( *(__ebp - 4) == 0) {
																				__eax =  *0x60b4f0; // 0x407424
																				 *(__ebp - 4) = __eax;
																			}
																			__ecx =  *(__ebp - 4);
																			 *(__ebp - 0x478) = __ecx;
																			 *(__ebp - 0x24) = 0;
																			while(1) {
																				L92:
																				__eax =  *(__ebp - 0x24);
																				__eflags =  *(__ebp - 0x24) -  *(__ebp - 0x47c);
																				if( *(__ebp - 0x24) >=  *(__ebp - 0x47c)) {
																					break;
																				}
																				L93:
																				__ecx =  *(__ebp - 0x478);
																				__edx =  *__ecx;
																				__eflags =  *__ecx;
																				if( *__ecx == 0) {
																					break;
																				}
																				L94:
																				__ecx = __ebp - 0x40;
																				E0040D3B0(__ebp - 0x40) =  *(__ebp - 0x478);
																				__ecx =  *( *(__ebp - 0x478)) & 0x000000ff;
																				__eax = E00419390( *( *(__ebp - 0x478)) & 0x000000ff,  *(__ebp - 0x478));
																				__eflags = __eax;
																				if(__eax != 0) {
																					__edx =  *(__ebp - 0x478);
																					__edx =  *(__ebp - 0x478) + 1;
																					__eflags = __edx;
																					 *(__ebp - 0x478) = __edx;
																				}
																				 *(__ebp - 0x478) =  *(__ebp - 0x478) + 1;
																				 *(__ebp - 0x478) =  *(__ebp - 0x478) + 1;
																				__edx =  *(__ebp - 0x24);
																				__edx =  *(__ebp - 0x24) + 1;
																				__eflags = __edx;
																				 *(__ebp - 0x24) = __edx;
																			}
																			L97:
																			L105:
																			while(1) {
																				L187:
																				__eflags =  *(__ebp - 0x28);
																				if( *(__ebp - 0x28) != 0) {
																					goto L212;
																				}
																				goto L188;
																			}
																		}
																	case 0xc:
																		L142:
																		 *(__ebp - 8) = 0xa;
																		while(1) {
																			L150:
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00008000;
																			__eflags =  *(__ebp - 0x10) & 0x00008000;
																			if(( *(__ebp - 0x10) & 0x00008000) == 0) {
																				 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00001000;
																				__eflags =  *(__ebp - 0x10) & 0x00001000;
																				if(( *(__ebp - 0x10) & 0x00001000) == 0) {
																					 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000020;
																					__eflags =  *(__ebp - 0x10) & 0x00000020;
																					if(( *(__ebp - 0x10) & 0x00000020) == 0) {
																						 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000040;
																						__eflags =  *(__ebp - 0x10) & 0x00000040;
																						if(( *(__ebp - 0x10) & 0x00000040) == 0) {
																							__ecx = __ebp + 0x14;
																							__eax = E0041C290(__ebp + 0x14);
																							__edx = 0;
																							__eflags = 0;
																							 *(__ebp - 0x4a0) = __eax;
																							 *(__ebp - 0x49c) = 0;
																						} else {
																							__eax = __ebp + 0x14;
																							__eax = E0041C290(__ebp + 0x14);
																							asm("cdq");
																							 *(__ebp - 0x4a0) = __eax;
																							 *(__ebp - 0x49c) = __edx;
																						}
																					} else {
																						 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000040;
																						__eflags =  *(__ebp - 0x10) & 0x00000040;
																						if(( *(__ebp - 0x10) & 0x00000040) == 0) {
																							__ecx = __ebp + 0x14;
																							E0041C290(__ebp + 0x14) = __ax & 0x0000ffff;
																							asm("cdq");
																							 *(__ebp - 0x4a0) = __ax & 0x0000ffff;
																							 *(__ebp - 0x49c) = __edx;
																						} else {
																							__eax = __ebp + 0x14;
																							__eax = E0041C290(__ebp + 0x14);
																							__ax = __eax;
																							asm("cdq");
																							 *(__ebp - 0x4a0) = __eax;
																							 *(__ebp - 0x49c) = __edx;
																						}
																					}
																				} else {
																					__eax = __ebp + 0x14;
																					 *(__ebp - 0x4a0) = E0041C2B0(__ebp + 0x14);
																					 *(__ebp - 0x49c) = __edx;
																				}
																			} else {
																				__ecx = __ebp + 0x14;
																				 *(__ebp - 0x4a0) = E0041C2B0(__ebp + 0x14);
																				 *(__ebp - 0x49c) = __edx;
																			}
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000040;
																			__eflags =  *(__ebp - 0x10) & 0x00000040;
																			if(( *(__ebp - 0x10) & 0x00000040) == 0) {
																				goto L167;
																			}
																			goto L163;
																		}
																	case 0xd:
																		goto L0;
																	case 0xe:
																		while(1) {
																			L187:
																			__eflags =  *(__ebp - 0x28);
																			if( *(__ebp - 0x28) != 0) {
																				goto L212;
																			}
																			goto L188;
																		}
																}
															case 8:
																L24:
																__ecx =  *(__ebp - 0x10);
																__ecx =  *(__ebp - 0x10) | 0x00000002;
																 *(__ebp - 0x10) = __ecx;
																goto L27;
															case 9:
																L25:
																 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000080;
																 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000080;
																goto L27;
															case 0xa:
																L23:
																 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000001;
																 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000001;
																goto L27;
															case 0xb:
																L22:
																 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000004;
																 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000004;
																goto L27;
															case 0xc:
																L26:
																__eax =  *(__ebp - 0x10);
																__eax =  *(__ebp - 0x10) | 0x00000008;
																__eflags = __eax;
																 *(__ebp - 0x10) = __eax;
																goto L27;
															case 0xd:
																L27:
																goto L214;
														}
													} else {
														_t517 = 0;
														if(0 == 0) {
															 *(_t525 - 0x4dc) = 0;
														} else {
															 *(_t525 - 0x4dc) = 1;
														}
														 *(_t525 - 0x46c) =  *(_t525 - 0x4dc);
														if( *(_t525 - 0x46c) == 0) {
															_push(L"(\"Incorrect format specifier\", 0)");
															_push(0);
															_push(0x460);
															_push(L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c");
															_push(2);
															_t498 = L0040E1A0();
															_t527 = _t527 + 0x14;
															if(_t498 == 1) {
																asm("int3");
															}
														}
														L14:
														if( *(_t525 - 0x46c) != 0) {
															goto L16;
														} else {
															 *((intOrPtr*)(L0040EC70(_t510))) = 0x16;
															E00411A50(_t501, _t510, _t523, _t524, L"(\"Incorrect format specifier\", 0)", L"_woutput_s_l", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c", 0x460, 0);
															 *(_t525 - 0x4c8) = 0xffffffff;
															E0040D380(_t525 - 0x40);
															_t483 =  *(_t525 - 0x4c8);
															L225:
															return E00416CA0(_t483, _t501,  *(_t525 - 0x48) ^ _t525, _t517, _t523, _t524);
														}
													}
												}
												L215:
												__eflags =  *(_t525 - 0x45c);
												if( *(_t525 - 0x45c) == 0) {
													L218:
													 *(_t525 - 0x4f8) = 1;
													L219:
													_t517 =  *(_t525 - 0x4f8);
													 *(_t525 - 0x4bc) =  *(_t525 - 0x4f8);
													__eflags =  *(_t525 - 0x4bc);
													if( *(_t525 - 0x4bc) == 0) {
														_push(L"((state == ST_NORMAL) || (state == ST_TYPE))");
														_push(0);
														_push(0x8f5);
														_push(L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c");
														_push(2);
														_t488 = L0040E1A0();
														_t527 = _t527 + 0x14;
														__eflags = _t488 - 1;
														if(_t488 == 1) {
															asm("int3");
														}
													}
													__eflags =  *(_t525 - 0x4bc);
													if( *(_t525 - 0x4bc) != 0) {
														 *(_t525 - 0x4d4) =  *(_t525 - 0x44c);
														E0040D380(_t525 - 0x40);
														_t483 =  *(_t525 - 0x4d4);
													} else {
														 *((intOrPtr*)(L0040EC70(_t502))) = 0x16;
														E00411A50(_t501, _t502, _t523, _t524, L"((state == ST_NORMAL) || (state == ST_TYPE))", L"_woutput_s_l", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c", 0x8f5, 0);
														 *(_t525 - 0x4d0) = 0xffffffff;
														E0040D380(_t525 - 0x40);
														_t483 =  *(_t525 - 0x4d0);
													}
													goto L225;
												}
												L216:
												__eflags =  *(_t525 - 0x45c) - 7;
												if( *(_t525 - 0x45c) == 7) {
													goto L218;
												}
												L217:
												 *(_t525 - 0x4f8) = 0;
												goto L219;
											}
										}
										L184:
										__eflags =  *(__ebp - 0x24);
										if( *(__ebp - 0x24) == 0) {
											L186:
											 *(__ebp - 4) =  *(__ebp - 4) - 1;
											 *(__ebp - 4) =  *(__ebp - 4) - 1;
											__eax =  *(__ebp - 4);
											 *( *(__ebp - 4)) = 0x30;
											__ecx =  *(__ebp - 0x24);
											__ecx =  *(__ebp - 0x24) + 1;
											__eflags = __ecx;
											 *(__ebp - 0x24) = __ecx;
											goto L187;
										}
										L185:
										__eax =  *(__ebp - 4);
										__ecx =  *( *(__ebp - 4));
										__eflags = __ecx - 0x30;
										if(__ecx == 0x30) {
											goto L187;
										}
										goto L186;
									}
									L180:
									__eax =  *(__ebp - 8);
									asm("cdq");
									__ecx =  *(__ebp - 0x4a4);
									__edx =  *(__ebp - 0x4a8);
									__eax = E0041CE40( *(__ebp - 0x4a8),  *(__ebp - 0x4a4),  *(__ebp - 8),  *(__ebp - 0x4a8));
									 *(__ebp - 0x494) = __eax;
									__eax =  *(__ebp - 8);
									asm("cdq");
									__eax =  *(__ebp - 0x4a4);
									__ecx =  *(__ebp - 0x4a8);
									 *(__ebp - 0x4a8) = E0041CDD0( *(__ebp - 0x4a8),  *(__ebp - 0x4a4),  *(__ebp - 8), __edx);
									 *(__ebp - 0x4a4) = __edx;
									__eflags =  *(__ebp - 0x494) - 0x39;
									if( *(__ebp - 0x494) > 0x39) {
										__edx =  *(__ebp - 0x494);
										__edx =  *(__ebp - 0x494) +  *(__ebp - 0x460);
										__eflags = __edx;
										 *(__ebp - 0x494) = __edx;
									}
									__eax =  *(__ebp - 4);
									 *( *(__ebp - 4)) =  *(__ebp - 0x494);
									 *(__ebp - 4) =  *(__ebp - 4) - 1;
									 *(__ebp - 4) =  *(__ebp - 4) - 1;
									L178:
									__ecx =  *(__ebp - 0x30);
									 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
									 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
									__eflags =  *(__ebp - 0x30);
									if( *(__ebp - 0x30) > 0) {
										goto L180;
									}
									goto L179;
								}
							}
							L165:
							__eflags =  *(__ebp - 0x4a0);
							if( *(__ebp - 0x4a0) >= 0) {
								goto L167;
							}
							goto L166;
							L167:
							__ecx =  *(__ebp - 0x4a0);
							 *(__ebp - 0x4a8) =  *(__ebp - 0x4a0);
							__edx =  *(__ebp - 0x49c);
							 *(__ebp - 0x4a4) =  *(__ebp - 0x49c);
							goto L168;
						}
					}
				}
			}

0x004238c9
0x004238c9
0x004238c9
0x004238c9
0x004238c9
0x004238c9
0x004238c9
0x004238d3
0x004238d3
0x004238d3
0x004238dd
0x004238dd
0x004238e3
0x004238e5
0x004238ea
0x004238f4
0x004238f4
0x004238f7
0x004238fb
0x004238fb
0x00423922
0x00423922
0x00423925
0x00423925
0x0042392a
0x0042394c
0x0042394c
0x00423952
0x00423974
0x00423974
0x00423977
0x004239be
0x004239be
0x004239c1
0x004239de
0x004239e2
0x004239ea
0x004239ea
0x004239ec
0x004239f2
0x004239c3
0x004239c3
0x004239c7
0x004239cf
0x004239d0
0x004239d6
0x004239d6
0x00423979
0x0042397c
0x0042397c
0x0042397f
0x0042399d
0x004239a9
0x004239ac
0x004239ad
0x004239b3
0x00423981
0x00423981
0x00423985
0x0042398d
0x0042398e
0x0042398f
0x00423995
0x00423995
0x004239b9
0x00423954
0x00423954
0x00423960
0x00423966
0x00423966
0x0042392c
0x0042392c
0x00423938
0x0042393e
0x0042393e
0x004239fb
0x004239fb
0x004239fe
0x00000000
0x00000000
0x00423a00
0x00423a00
0x00423a07
0x00000000
0x00000000
0x00423a09
0x00423a09
0x00423a14
0x00423a1a
0x00423a1c
0x00423a22
0x00423a25
0x00423a27
0x00423a2d
0x00423a36
0x00423a3b
0x00423a58
0x00423a5b
0x00423a5b
0x00423a60
0x00423a65
0x00423a65
0x00423a6b
0x00423a6d
0x00423a73
0x00423a79
0x00423a79
0x00423a82
0x00423a82
0x00423a6b
0x00423a88
0x00423a8c
0x00423a9a
0x00423a9d
0x00423aa0
0x00423aa7
0x00423aa9
0x00423aa9
0x00423a8e
0x00423a8e
0x00423a8e
0x00423ab6
0x00423ab6
0x00423abc
0x00423abe
0x00423abe
0x00423ac5
0x00423acb
0x00423ace
0x00423ace
0x00423ace
0x00423ad4
0x00423ad7
0x00423ada
0x00423adc
0x00000000
0x00000000
0x00423ade
0x00423ae4
0x00423ae4
0x00423aea
0x00423b67
0x00423b6d
0x00423b70
0x00423b73
0x00423b76
0x00423b79
0x00423b7f
0x00423b7f
0x00423b85
0x00423bb0
0x00423bb0
0x00423bb0
0x00423bb4
0x00000000
0x00000000
0x00423bba
0x00423bbd
0x00423bbd
0x00423bc0
0x00423bc5
0x00423bc5
0x00423bca
0x00423be1
0x00423be1
0x00423be4
0x00423bfb
0x00423bfb
0x00423bfe
0x00423c00
0x00423c05
0x00423c09
0x00423c09
0x00423be6
0x00423be6
0x00423beb
0x00423bef
0x00423bef
0x00423bcc
0x00423bcc
0x00423bd1
0x00423bd5
0x00423bd5
0x00423bca
0x00423c13
0x00423c16
0x00423c19
0x00423c22
0x00423c22
0x00423c25
0x00423c27
0x00423c2e
0x00423c32
0x00423c3b
0x00423c40
0x00423c43
0x00423c4a
0x00423c4e
0x00423c52
0x00423c5e
0x00423c61
0x00423c61
0x00423c64
0x00423c69
0x00423c69
0x00423c6c
0x00423c6e
0x00423c75
0x00423c79
0x00423c82
0x00423c87
0x00423c6c
0x00423c8a
0x00423c8e
0x00423d48
0x00423d48
0x00423d4f
0x00423d53
0x00423d57
0x00423d5b
0x00000000
0x00423c94
0x00423c94
0x00423c94
0x00423c98
0x00000000
0x00000000
0x00423c9e
0x00423c9e
0x00423ca1
0x00423ca7
0x00423caa
0x00423cb0
0x00423cb0
0x00423cb0
0x00423cbc
0x00423cbf
0x00423cc5
0x00423cc7
0x00000000
0x00000000
0x00423cc9
0x00423cc9
0x00423ccc
0x00423cd2
0x00423cda
0x00423cdc
0x00423ce3
0x00423cea
0x00423cf9
0x00423cff
0x00423d06
0x00423d14
0x00423d14
0x00423d1b
0x00423d27
0x00423d35
0x00423d3b
0x00000000
0x00423d3b
0x00423d08
0x00423d08
0x00000000
0x00423d08
0x00423d46
0x00423d63
0x00423d63
0x00423d6a
0x00423d6f
0x00423d6f
0x00423d72
0x00423d74
0x00423d7b
0x00423d88
0x00423d8d
0x00423d72
0x00423d6a
0x00423d90
0x00423d90
0x00423d94
0x00423d98
0x00423d9c
0x00423da4
0x00423da4
0x00423dab
0x00423dab
0x00422f2b
0x00422f32
0x00422f3f
0x00422f44
0x00000000
0x00422f57
0x00422f61
0x00422f88
0x00422f6f
0x00422f80
0x00422f80
0x00422f61
0x00422f92
0x00422f98
0x00422fa4
0x00422fa7
0x00422fb5
0x00422fb8
0x00422fc5
0x0042306a
0x00423070
0x00423076
0x0042307d
0x00000000
0x00000000
0x00423083
0x00423089
0x00000000
0x00423090
0x00423090
0x004230aa
0x004230af
0x00000000
0x00000000
0x004230b7
0x004230b7
0x004230be
0x004230c1
0x004230c4
0x004230c7
0x004230ca
0x004230cd
0x004230d0
0x004230d7
0x004230de
0x00000000
0x00000000
0x004230ea
0x004230ea
0x004230f1
0x004230fd
0x00423100
0x00423106
0x0042310d
0x00000000
0x00000000
0x0042310f
0x00423115
0x00423115
0x0042311c
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00423160
0x00423160
0x00423167
0x0042316a
0x00423194
0x00423197
0x00423197
0x004231a1
0x004231a1
0x004231a5
0x0042316c
0x0042316c
0x00423178
0x0042317b
0x0042317f
0x00423181
0x00423184
0x00423184
0x00423187
0x0042318a
0x0042318d
0x0042318f
0x0042318f
0x00423192
0x004231a8
0x00000000
0x00000000
0x004231ad
0x004231ad
0x00000000
0x00000000
0x004231b9
0x004231b9
0x004231c0
0x004231c3
0x004231e3
0x004231e6
0x004231e6
0x004231f0
0x004231f0
0x004231f4
0x004231c5
0x004231c5
0x004231d1
0x004231d4
0x004231d8
0x004231da
0x004231da
0x004231e1
0x00000000
0x00000000
0x004231fc
0x004231fc
0x00423203
0x0042320f
0x00423212
0x00423218
0x0042321f
0x00423332
0x00000000
0x00423332
0x00423225
0x0042322b
0x0042322b
0x00423232
0x00000000
0x00423269
0x00423269
0x0042326c
0x0042326f
0x00423272
0x00423299
0x00423299
0x0042329c
0x0042329f
0x004232a2
0x004232c6
0x004232c6
0x004232c9
0x004232cc
0x004232cf
0x00423308
0x00423319
0x00000000
0x00423319
0x004232d1
0x004232d1
0x004232d4
0x004232d7
0x004232da
0x00000000
0x00000000
0x004232dc
0x004232dc
0x004232df
0x004232e2
0x004232e5
0x00000000
0x00000000
0x004232e7
0x004232e7
0x004232ea
0x004232ed
0x004232f0
0x00000000
0x00000000
0x004232f2
0x004232f2
0x004232f5
0x004232f8
0x004232fb
0x00000000
0x00000000
0x004232fd
0x004232fd
0x00423300
0x00423303
0x00423306
0x0042330a
0x00000000
0x0042330a
0x00000000
0x00423306
0x004232a4
0x004232a4
0x004232a7
0x004232ab
0x004232ae
0x00000000
0x004232b0
0x004232b3
0x004232b6
0x004232bc
0x004232c1
0x00000000
0x004232c1
0x004232ae
0x00423274
0x00423274
0x00423277
0x0042327b
0x0042327e
0x00000000
0x00423280
0x00423283
0x00423286
0x0042328c
0x00423291
0x00000000
0x00423291
0x00000000
0x0042331b
0x0042331b
0x0042331e
0x00423321
0x00000000
0x00000000
0x00423239
0x00423239
0x0042323c
0x0042323f
0x00423242
0x0042325b
0x0042325e
0x0042325e
0x00423261
0x00423244
0x00423244
0x00423247
0x0042324a
0x00423250
0x00423256
0x00423256
0x00000000
0x00000000
0x00423326
0x00423326
0x00423329
0x00423329
0x0042332f
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00423337
0x00423337
0x0042333e
0x00423344
0x0042334a
0x0042334d
0x00423353
0x0042335a
0x00423bb0
0x00423bb0
0x00423bb0
0x00423bb4
0x00000000
0x00000000
0x00000000
0x00423bb4
0x00423bb0
0x00423360
0x00423366
0x00423366
0x0042336d
0x00000000
0x004236f1
0x004236f1
0x004236ff
0x004236ff
0x00423702
0x00000000
0x00000000
0x00423374
0x00423377
0x00423377
0x0042337d
0x0042337f
0x00423382
0x00423382
0x00423385
0x00423385
0x00000000
0x00000000
0x004234ba
0x004234bd
0x004234bd
0x004234c2
0x004234c4
0x004234c7
0x004234c7
0x004234ca
0x004234ca
0x00000000
0x00000000
0x004238bd
0x004238bd
0x004238d3
0x004238d3
0x004238dd
0x004238dd
0x004238e3
0x004238e5
0x004238ea
0x004238f4
0x004238f4
0x004238f7
0x004238fb
0x004238fb
0x00000000
0x00000000
0x00423424
0x00423424
0x00423430
0x00423436
0x0042343d
0x0042344b
0x0042344b
0x00423451
0x00423454
0x00423460
0x004234b5
0x00000000
0x004234b5
0x0042343f
0x0042343f
0x00423445
0x00423449
0x00423468
0x00423468
0x0042346e
0x00423496
0x0042349d
0x004234a3
0x004234a6
0x004234a9
0x004234af
0x004234b2
0x00423470
0x00423470
0x00423476
0x00423479
0x0042347c
0x00423482
0x00423485
0x00423488
0x0042348a
0x0042348d
0x0042348d
0x00000000
0x0042346e
0x00000000
0x00000000
0x00423709
0x0042370c
0x0042370f
0x00423712
0x00423718
0x0042371b
0x00423722
0x00423726
0x00423731
0x00423731
0x00423735
0x0042374c
0x0042374c
0x00423753
0x00423755
0x00423755
0x0042375c
0x0042375c
0x00423763
0x00423771
0x00423774
0x00423783
0x00423786
0x0042378a
0x0042379f
0x0042378c
0x0042378c
0x0042378f
0x00423795
0x0042379a
0x0042379a
0x0042378a
0x004237a9
0x004237ac
0x004237af
0x004237b2
0x004237b5
0x004237b8
0x004237be
0x004237c4
0x004237cc
0x004237cd
0x004237d0
0x004237d1
0x004237d4
0x004237d5
0x004237dc
0x004237dd
0x004237e0
0x004237e1
0x004237e4
0x004237e5
0x004237eb
0x004237ec
0x004237fb
0x004237fd
0x00423803
0x00423803
0x00423808
0x0042380a
0x0042380e
0x00423810
0x00423818
0x00423819
0x0042381c
0x0042381d
0x0042382c
0x0042382e
0x0042382e
0x0042380e
0x00423831
0x00423838
0x0042383b
0x00423840
0x00423840
0x00423846
0x00423848
0x00423850
0x00423851
0x00423854
0x00423855
0x00423863
0x00423865
0x00423865
0x00423846
0x00423868
0x0042386b
0x0042386e
0x00423871
0x00423876
0x0042387b
0x0042387e
0x00423881
0x00423881
0x00423884
0x00423884
0x00423887
0x00423893
0x00423bb0
0x00423bb0
0x00423bb0
0x00423bb4
0x00000000
0x00000000
0x00000000
0x00423bb4
0x00000000
0x00423bb0
0x00423737
0x00423737
0x0042373e
0x00423741
0x00000000
0x00000000
0x00423743
0x00423743
0x00000000
0x00423743
0x00423728
0x00423728
0x00000000
0x00000000
0x00423388
0x00423388
0x00423393
0x0042339b
0x004233a2
0x004233a5
0x004233a5
0x004233a8
0x00423401
0x00423408
0x004233aa
0x004233b1
0x004233b7
0x004233bd
0x004233c4
0x004233c7
0x004233cd
0x004233d5
0x004233d7
0x004233de
0x004233e5
0x004233ec
0x004233f4
0x004233f6
0x004233f8
0x004233f8
0x004233ff
0x0042340f
0x00423415
0x00423418
0x00423bb0
0x00423bb0
0x00423bb0
0x00423bb4
0x00000000
0x00000000
0x00000000
0x00423bb4
0x00000000
0x0042389b
0x0042389e
0x004238a1
0x004238a4
0x00423922
0x00423925
0x00423925
0x0042392a
0x0042394c
0x0042394c
0x00423952
0x00423974
0x00423974
0x00423977
0x004239be
0x004239be
0x004239c1
0x004239de
0x004239e2
0x004239ea
0x004239ea
0x004239ec
0x004239f2
0x004239c3
0x004239c3
0x004239c7
0x004239cf
0x004239d0
0x004239d6
0x004239d6
0x00423979
0x0042397c
0x0042397c
0x0042397f
0x0042399d
0x004239a9
0x004239ac
0x004239ad
0x004239b3
0x00423981
0x00423981
0x00423985
0x0042398d
0x0042398e
0x0042398f
0x00423995
0x00423995
0x004239b9
0x00423954
0x00423954
0x00423960
0x00423966
0x00423966
0x0042392c
0x0042392c
0x00423938
0x0042393e
0x0042393e
0x004239fb
0x004239fb
0x004239fe
0x00000000
0x00000000
0x00000000
0x004235fa
0x004235fa
0x00423606
0x0042360c
0x00423611
0x00423613
0x004236bd
0x004236bd
0x004236c0
0x004236c0
0x004236c3
0x004236d7
0x004236dd
0x004236e3
0x004236c5
0x004236c5
0x004236cb
0x004236d2
0x004236d2
0x004236e5
0x00423bb0
0x00423bb0
0x00423bb0
0x00423bb4
0x00000000
0x00000000
0x00000000
0x00423bb4
0x00423bb0
0x00423619
0x00423619
0x00423619
0x0042361b
0x00423629
0x0042361d
0x0042361d
0x0042361d
0x00423633
0x00423639
0x0042363f
0x00423646
0x00423648
0x0042364d
0x0042364f
0x00423654
0x00423659
0x0042365b
0x00423660
0x00423663
0x00423666
0x00423668
0x00423668
0x00423666
0x00423669
0x00423670
0x004236b8
0x00423bb0
0x00423bb0
0x00423bb0
0x00423bb4
0x00000000
0x00000000
0x00000000
0x00423bb4
0x00423672
0x00423672
0x00423677
0x00423693
0x0042369b
0x004236a5
0x004236a8
0x004236ad
0x00000000
0x004236ad
0x00000000
0x00423904
0x00423904
0x0042390e
0x0042390e
0x00423914
0x00423916
0x00423919
0x00423919
0x0042391f
0x0042391f
0x00423922
0x00423922
0x00423925
0x00423925
0x0042392a
0x0042394c
0x0042394c
0x00423952
0x00423974
0x00423974
0x00423977
0x004239be
0x004239be
0x004239c1
0x004239de
0x004239e2
0x004239ea
0x004239ea
0x004239ec
0x004239f2
0x004239c3
0x004239c3
0x004239c7
0x004239cf
0x004239d0
0x004239d6
0x004239d6
0x00423979
0x0042397c
0x0042397c
0x0042397f
0x0042399d
0x004239a9
0x004239ac
0x004239ad
0x004239b3
0x00423981
0x00423981
0x00423985
0x0042398d
0x0042398e
0x0042398f
0x00423995
0x00423995
0x004239b9
0x00423954
0x00423954
0x00423960
0x00423966
0x00423966
0x0042392c
0x0042392c
0x00423938
0x0042393e
0x0042393e
0x004239fb
0x004239fb
0x004239fe
0x00000000
0x00000000
0x00000000
0x004239fe
0x00000000
0x004238b6
0x004238b6
0x00000000
0x00000000
0x004234cd
0x004234cd
0x004234d1
0x004234df
0x004234e2
0x004234d3
0x004234d3
0x004234d3
0x004234e8
0x004234ee
0x004234f4
0x00423500
0x00423506
0x00423506
0x00423509
0x00423591
0x00423591
0x00423595
0x00423597
0x0042359d
0x0042359d
0x004235a0
0x004235a7
0x004235aa
0x004235b0
0x004235b0
0x004235b0
0x004235b6
0x004235bc
0x004235bf
0x004235c5
0x004235c7
0x00000000
0x00000000
0x004235c9
0x004235c9
0x004235cf
0x004235d2
0x004235d4
0x00000000
0x00000000
0x004235d6
0x004235dc
0x004235df
0x004235df
0x004235e7
0x004235e7
0x004235ed
0x004235ed
0x004235f2
0x00000000
0x0042350f
0x0042350f
0x0042350f
0x00423513
0x00423515
0x0042351a
0x0042351a
0x0042351d
0x00423520
0x00423526
0x00423538
0x00423538
0x00423538
0x0042353b
0x00423541
0x00000000
0x00000000
0x00423543
0x00423543
0x00423549
0x0042354c
0x0042354e
0x00000000
0x00000000
0x00423550
0x00423550
0x00423559
0x0042355f
0x00423563
0x0042356b
0x0042356d
0x0042356f
0x00423575
0x00423575
0x00423578
0x00423578
0x00423584
0x00423587
0x0042352f
0x00423532
0x00423532
0x00423535
0x00423535
0x0042358f
0x004235f5
0x00423bb0
0x00423bb0
0x00423bb0
0x00423bb4
0x00000000
0x00000000
0x00000000
0x00423bb4
0x00423bb0
0x00000000
0x004238ad
0x004238ad
0x00423922
0x00423922
0x00423925
0x00423925
0x0042392a
0x0042394c
0x0042394c
0x00423952
0x00423974
0x00423974
0x00423977
0x004239be
0x004239be
0x004239c1
0x004239de
0x004239e2
0x004239ea
0x004239ea
0x004239ec
0x004239f2
0x004239c3
0x004239c3
0x004239c7
0x004239cf
0x004239d0
0x004239d6
0x004239d6
0x00423979
0x0042397c
0x0042397c
0x0042397f
0x0042399d
0x004239a9
0x004239ac
0x004239ad
0x004239b3
0x00423981
0x00423981
0x00423985
0x0042398d
0x0042398e
0x0042398f
0x00423995
0x00423995
0x004239b9
0x00423954
0x00423954
0x00423960
0x00423966
0x00423966
0x0042392c
0x0042392c
0x00423938
0x0042393e
0x0042393e
0x004239fb
0x004239fb
0x004239fe
0x00000000
0x00000000
0x00000000
0x004239fe
0x00000000
0x00000000
0x00000000
0x00423bb0
0x00423bb0
0x00423bb0
0x00423bb4
0x00000000
0x00000000
0x00000000
0x00423bb4
0x00000000
0x00000000
0x00423139
0x00423139
0x0042313c
0x0042313f
0x00000000
0x00000000
0x00423144
0x00423147
0x0042314d
0x00000000
0x00000000
0x0042312e
0x00423131
0x00423134
0x00000000
0x00000000
0x00423123
0x00423126
0x00423129
0x00000000
0x00000000
0x00423152
0x00423152
0x00423155
0x00423155
0x00423158
0x00000000
0x00000000
0x0042315b
0x00000000
0x00000000
0x00422fcb
0x00422fcb
0x00422fcd
0x00422fdb
0x00422fcf
0x00422fcf
0x00422fcf
0x00422feb
0x00422ff8
0x00422ffa
0x00422fff
0x00423001
0x00423006
0x0042300b
0x0042300d
0x00423012
0x00423018
0x0042301a
0x0042301a
0x00423018
0x0042301b
0x00423022
0x00000000
0x00423024
0x00423029
0x00423045
0x0042304d
0x0042305a
0x0042305f
0x00423e74
0x00423e81
0x00423e81
0x00423022
0x00422fc5
0x00423db0
0x00423db0
0x00423db7
0x00423dce
0x00423dce
0x00423dd8
0x00423dd8
0x00423dde
0x00423de4
0x00423deb
0x00423ded
0x00423df2
0x00423df4
0x00423df9
0x00423dfe
0x00423e00
0x00423e05
0x00423e08
0x00423e0b
0x00423e0d
0x00423e0d
0x00423e0b
0x00423e0e
0x00423e15
0x00423e60
0x00423e69
0x00423e6e
0x00423e17
0x00423e1c
0x00423e38
0x00423e40
0x00423e4d
0x00423e52
0x00423e52
0x00000000
0x00423e15
0x00423db9
0x00423db9
0x00423dc0
0x00000000
0x00000000
0x00423dc2
0x00423dc2
0x00000000
0x00423dc2
0x00423bb0
0x00423b87
0x00423b87
0x00423b8b
0x00423b98
0x00423b9b
0x00423b9e
0x00423ba1
0x00423ba4
0x00423ba7
0x00423baa
0x00423baa
0x00423bad
0x00000000
0x00423bad
0x00423b8d
0x00423b8d
0x00423b90
0x00423b93
0x00423b96
0x00000000
0x00000000
0x00000000
0x00423b96
0x00423aec
0x00423aec
0x00423aef
0x00423af2
0x00423af9
0x00423b00
0x00423b08
0x00423b0e
0x00423b11
0x00423b14
0x00423b1b
0x00423b27
0x00423b2d
0x00423b33
0x00423b3a
0x00423b3c
0x00423b42
0x00423b42
0x00423b48
0x00423b48
0x00423b4e
0x00423b57
0x00423b5c
0x00423b5f
0x00423ace
0x00423ace
0x00423ad4
0x00423ad7
0x00423ada
0x00423adc
0x00000000
0x00000000
0x00000000
0x00423adc
0x00423ace
0x00423a0b
0x00423a0b
0x00423a12
0x00000000
0x00000000
0x00000000
0x00423a40
0x00423a40
0x00423a46
0x00423a4c
0x00423a52
0x00000000
0x00423a52
0x00423922
0x004238d3

APIs

_get_int64_arg.LIBCMTD ref: 00423930
__aullrem.LIBCMT ref: 00423B00
__aulldiv.LIBCMT ref: 00423B22

Strings

9, xrefs: 00423B33
', xrefs: 004238C9

Memory Dump Source

Source File: 00000000.00000002.254379313.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.254298173.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.254460883.0000000000427000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255654257.000000000060A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255687103.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255765961.0000000000635000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_mzQcZawXvh.jbxd

Similarity

API ID: __aulldiv__aullrem_get_int64_arg
String ID: '$9
API String ID: 3120068967-1823400153
Opcode ID: bc6f1498b81e1650b0d75e935251ffcd63d470709da9179bfdeb0256e759645e
Instruction ID: 5e4b9bb586468828394977b9d1de0a10ad833fbeca2e10dab82a2f35c21ea91e
Opcode Fuzzy Hash: bc6f1498b81e1650b0d75e935251ffcd63d470709da9179bfdeb0256e759645e
Instruction Fuzzy Hash: DD4116B1E101299FDB24CF48D881BAEB7B5FF85315F5040AAE289AB241C7785E81CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0041E053 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 70
COMMON

Download Yara Rule

C-Code - Quality: 58%

			E0041E053(void* __ebx, void* __esi) {
				signed int _t74;
				intOrPtr _t75;
				void* _t80;
				signed int _t84;
				void* _t92;
				void* _t97;
				signed int _t106;
				signed int _t108;
				signed int _t112;
				signed int _t113;
				intOrPtr _t114;
				signed int _t117;
				signed int _t119;
				signed int _t125;
				void* _t127;
				void* _t128;
				void* _t129;
				void* _t131;
				void* _t132;
				void* _t140;

				_t128 = __esi;
				_t97 = __ebx;
				_t113 =  *(_t129 + 0xc);
				 *_t113 = 0;
				if( *(_t129 + 0x10) != 0xffffffff &&  *(_t129 + 0x10) != 0x7fffffff &&  *(_t129 + 0x10) > 1) {
					_t140 =  *0x60a658 -  *(_t129 + 0x10) - 1; // 0xffffffff
					if(_t140 >= 0) {
						_t113 =  *(_t129 + 0x10) - 1;
						__eflags = _t113;
						 *(_t129 - 0x20) = _t113;
					} else {
						_t112 =  *0x60a658; // 0xffffffff
						 *(_t129 - 0x20) = _t112;
					}
					E00412D20(_t127,  *(_t129 + 0xc) + 1, 0xfe,  *(_t129 - 0x20));
					_t131 = _t131 + 0xc;
				}
				if( *(_t129 + 8) != 0) {
					_t113 =  *(_t129 + 8);
					 *_t113 = 0;
				}
				if( *(_t129 + 0x18) <=  *(_t129 + 0x10)) {
					_t113 =  *(_t129 + 0x18);
					 *(_t129 - 0x24) = _t113;
				} else {
					 *(_t129 - 0x24) =  *(_t129 + 0x10);
				}
				 *(_t129 - 8) =  *(_t129 - 0x24);
				asm("sbb edx, edx");
				_t114 = _t113 + 1;
				 *((intOrPtr*)(_t129 - 0x14)) = _t114;
				if(_t114 == 0) {
					_push(L"bufferSize <= INT_MAX");
					_push(0);
					_push(0x13f);
					_push(L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\wcstombs.c");
					_push(2);
					_t92 = L0040E1A0();
					_t131 = _t131 + 0x14;
					if(_t92 == 1) {
						asm("int3");
					}
				}
				if( *((intOrPtr*)(_t129 - 0x14)) != 0) {
					_t100 =  *(_t129 + 0xc);
					_t74 = L0041DAC0(_t97,  *(_t129 - 8), _t127, _t128,  *(_t129 + 0xc),  *((intOrPtr*)(_t129 + 0x14)),  *(_t129 - 8),  *((intOrPtr*)(_t129 + 0x1c)));
					_t132 = _t131 + 0x10;
					 *(_t129 - 0xc) = _t74;
					__eflags =  *(_t129 - 0xc) - 0xffffffff;
					if( *(_t129 - 0xc) != 0xffffffff) {
						_t117 =  *(_t129 - 0xc) + 1;
						 *(_t129 - 0xc) = _t117;
						__eflags =  *(_t129 + 0xc);
						if( *(_t129 + 0xc) == 0) {
							L45:
							__eflags =  *(_t129 + 8);
							if( *(_t129 + 8) != 0) {
								 *( *(_t129 + 8)) =  *(_t129 - 0xc);
							}
							_t75 =  *((intOrPtr*)(_t129 - 4));
							goto L48;
						}
						__eflags =  *(_t129 - 0xc) -  *(_t129 + 0x10);
						if( *(_t129 - 0xc) <=  *(_t129 + 0x10)) {
							L44:
							_t119 =  *(_t129 + 0xc) +  *(_t129 - 0xc);
							__eflags = _t119;
							 *((char*)(_t119 - 1)) = 0;
							goto L45;
						}
						__eflags =  *(_t129 + 0x18) - 0xffffffff;
						if( *(_t129 + 0x18) == 0xffffffff) {
							L43:
							 *(_t129 - 0xc) =  *(_t129 + 0x10);
							 *((intOrPtr*)(_t129 - 4)) = 0x50;
							goto L44;
						}
						 *( *(_t129 + 0xc)) = 0;
						__eflags =  *(_t129 + 0x10) - 0xffffffff;
						if( *(_t129 + 0x10) != 0xffffffff) {
							__eflags =  *(_t129 + 0x10) - 0x7fffffff;
							if( *(_t129 + 0x10) != 0x7fffffff) {
								__eflags =  *(_t129 + 0x10) - 1;
								if( *(_t129 + 0x10) > 1) {
									__eflags =  *0x60a658 -  *(_t129 + 0x10) - 1; // 0xffffffff
									if(__eflags >= 0) {
										_t106 =  *(_t129 + 0x10) - 1;
										__eflags = _t106;
										 *(_t129 - 0x2c) = _t106;
									} else {
										_t84 =  *0x60a658; // 0xffffffff
										 *(_t129 - 0x2c) = _t84;
									}
									_t117 =  *(_t129 - 0x2c);
									__eflags =  *(_t129 + 0xc) + 1;
									E00412D20(_t127,  *(_t129 + 0xc) + 1, 0xfe, _t117);
									_t132 = _t132 + 0xc;
								}
							}
						}
						_t104 =  *(_t129 + 0x10);
						__eflags =  *(_t129 - 0xc) -  *(_t129 + 0x10);
						asm("sbb edx, edx");
						 *(_t129 - 0x18) =  ~_t117;
						if( *(_t129 - 0xc) ==  *(_t129 + 0x10)) {
							_push(L"sizeInBytes > retsize");
							_push(0);
							_push(0x157);
							_push(L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\wcstombs.c");
							_push(2);
							_t80 = L0040E1A0();
							_t132 = _t132 + 0x14;
							__eflags = _t80 - 1;
							if(_t80 == 1) {
								asm("int3");
							}
						}
						__eflags =  *(_t129 - 0x18);
						if( *(_t129 - 0x18) != 0) {
							goto L43;
						} else {
							 *((intOrPtr*)(L0040EC70(_t104))) = 0x22;
							E00411A50(_t97, _t104, _t127, _t128, L"sizeInBytes > retsize", L"_wcstombs_s_l", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\wcstombs.c", 0x157, 0);
							_t75 = 0x22;
							goto L48;
						}
					} else {
						__eflags =  *(_t129 + 0xc);
						if( *(_t129 + 0xc) != 0) {
							 *( *(_t129 + 0xc)) = 0;
							__eflags =  *(_t129 + 0x10) - 0xffffffff;
							if( *(_t129 + 0x10) != 0xffffffff) {
								__eflags =  *(_t129 + 0x10) - 0x7fffffff;
								if( *(_t129 + 0x10) != 0x7fffffff) {
									__eflags =  *(_t129 + 0x10) - 1;
									if( *(_t129 + 0x10) > 1) {
										__eflags =  *0x60a658 -  *(_t129 + 0x10) - 1; // 0xffffffff
										if(__eflags >= 0) {
											_t125 =  *(_t129 + 0x10) - 1;
											__eflags = _t125;
											 *(_t129 - 0x28) = _t125;
										} else {
											_t108 =  *0x60a658; // 0xffffffff
											 *(_t129 - 0x28) = _t108;
										}
										_t100 =  *(_t129 + 0xc) + 1;
										__eflags =  *(_t129 + 0xc) + 1;
										E00412D20(_t127,  *(_t129 + 0xc) + 1, 0xfe,  *(_t129 - 0x28));
									}
								}
							}
						}
						_t75 =  *((intOrPtr*)(L0040EC70(_t100)));
						L48:
						return _t75;
					}
				}
				 *((intOrPtr*)(L0040EC70(0x7fffffff))) = 0x16;
				E00411A50(_t97, 0x7fffffff, _t127, _t128, L"bufferSize <= INT_MAX", L"_wcstombs_s_l", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\wcstombs.c", 0x13f, 0);
				_t75 = 0x16;
				goto L48;
			}

0x0041e053
0x0041e053
0x0041e053
0x0041e056
0x0041e05d
0x0041e074
0x0041e07a
0x0041e08a
0x0041e08a
0x0041e08d
0x0041e07c
0x0041e07c
0x0041e082
0x0041e082
0x0041e0a0
0x0041e0a5
0x0041e0a5
0x0041e0ac
0x0041e0ae
0x0041e0b1
0x0041e0b1
0x0041e0bd
0x0041e0c7
0x0041e0ca
0x0041e0bf
0x0041e0c2
0x0041e0c2
0x0041e0d0
0x0041e0db
0x0041e0dd
0x0041e0e0
0x0041e0e3
0x0041e0e5
0x0041e0ea
0x0041e0ec
0x0041e0f1
0x0041e0f6
0x0041e0f8
0x0041e0fd
0x0041e103
0x0041e105
0x0041e105
0x0041e103
0x0041e10a
0x0041e14b
0x0041e14f
0x0041e154
0x0041e157
0x0041e15a
0x0041e15e
0x0041e1ca
0x0041e1cd
0x0041e1d0
0x0041e1d4
0x0041e2c1
0x0041e2c1
0x0041e2c5
0x0041e2cd
0x0041e2cd
0x0041e2cf
0x00000000
0x0041e2cf
0x0041e1dd
0x0041e1e0
0x0041e2b7
0x0041e2ba
0x0041e2ba
0x0041e2bd
0x00000000
0x0041e2bd
0x0041e1e6
0x0041e1ea
0x0041e2aa
0x0041e2ad
0x0041e2b0
0x00000000
0x0041e2b0
0x0041e1f3
0x0041e1f6
0x0041e1fa
0x0041e1fc
0x0041e203
0x0041e205
0x0041e209
0x0041e211
0x0041e217
0x0041e226
0x0041e226
0x0041e229
0x0041e219
0x0041e219
0x0041e21e
0x0041e21e
0x0041e22c
0x0041e238
0x0041e23c
0x0041e241
0x0041e241
0x0041e209
0x0041e203
0x0041e244
0x0041e247
0x0041e24a
0x0041e24e
0x0041e251
0x0041e253
0x0041e258
0x0041e25a
0x0041e25f
0x0041e264
0x0041e266
0x0041e26b
0x0041e26e
0x0041e271
0x0041e273
0x0041e273
0x0041e271
0x0041e274
0x0041e278
0x00000000
0x0041e27a
0x0041e27f
0x0041e29b
0x0041e2a3
0x00000000
0x0041e2a3
0x0041e160
0x0041e160
0x0041e164
0x0041e169
0x0041e16c
0x0041e170
0x0041e172
0x0041e179
0x0041e17b
0x0041e17f
0x0041e187
0x0041e18d
0x0041e19d
0x0041e19d
0x0041e1a0
0x0041e18f
0x0041e18f
0x0041e195
0x0041e195
0x0041e1af
0x0041e1af
0x0041e1b3
0x0041e1b8
0x0041e17f
0x0041e179
0x0041e170
0x0041e1c0
0x0041e2d2
0x0041e2d5
0x0041e2d5
0x0041e15e
0x0041e111
0x0041e12d
0x0041e135
0x00000000

APIs

_memset.LIBCMT ref: 0041E0A0
__invalid_parameter.LIBCMTD ref: 0041E12D

Strings

bufferSize <= INT_MAX, xrefs: 0041E0E5, 0041E128
_wcstombs_s_l, xrefs: 0041E123
f:\dd\vctools\crt_bld\self_x86\crt\src\wcstombs.c, xrefs: 0041E0F1, 0041E11E

Memory Dump Source

Source File: 00000000.00000002.254379313.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.254298173.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.254460883.0000000000427000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255654257.000000000060A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255687103.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255765961.0000000000635000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_mzQcZawXvh.jbxd

Similarity

API ID: __invalid_parameter_memset
String ID: _wcstombs_s_l$bufferSize <= INT_MAX$f:\dd\vctools\crt_bld\self_x86\crt\src\wcstombs.c
API String ID: 3961059608-322421350
Opcode ID: 4d0d3e82a9ae9f2ef26ca1acc7f3abb43d3bd69333be4a9d56cab55e0e229715
Instruction ID: 6b707857749dd023e4c6af6a08091dc1fd03571c8efcd6bfc4c46db3db2cbe2a
Opcode Fuzzy Hash: 4d0d3e82a9ae9f2ef26ca1acc7f3abb43d3bd69333be4a9d56cab55e0e229715
Instruction Fuzzy Hash: C321B234E403499BDB24CF55CC45BEE7BA1FB54314F24466AEC152B3C0C3BA9A90CB5A

Uniqueness

Uniqueness Score: -1.00%

Function 0041DFC5 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 39
COMMON

Download Yara Rule

C-Code - Quality: 52%

			E0041DFC5(void* __ebx, void* __ecx, void* __edi, void* __esi) {
				signed int _t85;
				intOrPtr _t86;
				void* _t91;
				signed int _t95;
				void* _t103;
				void* _t110;
				void* _t111;
				void* _t112;
				signed int _t121;
				signed int _t123;
				signed int _t127;
				signed int _t128;
				signed int _t129;
				signed int _t132;
				signed int _t134;
				signed int _t140;
				void* _t142;
				void* _t143;
				void* _t144;
				void* _t146;
				void* _t147;

				_t143 = __esi;
				_t142 = __edi;
				_t112 = __ecx;
				_t111 = __ebx;
				if( *(_t144 + 0x10) > 0 ||  *(_t144 + 0xc) == 0 &&  *(_t144 + 0x10) == 0) {
					 *((intOrPtr*)(_t144 - 0x1c)) = 1;
				} else {
					 *((intOrPtr*)(_t144 - 0x1c)) = 0;
				}
				 *((intOrPtr*)(_t144 - 0x10)) =  *((intOrPtr*)(_t144 - 0x1c));
				if( *((intOrPtr*)(_t144 - 0x10)) == 0) {
					_push(L"(dst != NULL && sizeInBytes > 0) || (dst == NULL && sizeInBytes == 0)");
					_push(0);
					_push(0x133);
					_push(L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\wcstombs.c");
					_push(2);
					_t110 = L0040E1A0();
					_t146 = _t146 + 0x14;
					if(_t110 == 1) {
						asm("int3");
					}
				}
				if( *((intOrPtr*)(_t144 - 0x10)) != 0) {
					__eflags =  *(_t144 + 0xc);
					if( *(_t144 + 0xc) != 0) {
						_t128 =  *(_t144 + 0xc);
						 *_t128 = 0;
						__eflags =  *(_t144 + 0x10) - 0xffffffff;
						if( *(_t144 + 0x10) != 0xffffffff) {
							__eflags =  *(_t144 + 0x10) - 0x7fffffff;
							if( *(_t144 + 0x10) != 0x7fffffff) {
								__eflags =  *(_t144 + 0x10) - 1;
								if( *(_t144 + 0x10) > 1) {
									__eflags =  *0x60a658 -  *(_t144 + 0x10) - 1; // 0xffffffff
									if(__eflags >= 0) {
										_t128 =  *(_t144 + 0x10) - 1;
										__eflags = _t128;
										 *(_t144 - 0x20) = _t128;
									} else {
										_t127 =  *0x60a658; // 0xffffffff
										 *(_t144 - 0x20) = _t127;
									}
									__eflags =  *(_t144 + 0xc) + 1;
									E00412D20(_t142,  *(_t144 + 0xc) + 1, 0xfe,  *(_t144 - 0x20));
									_t146 = _t146 + 0xc;
								}
							}
						}
					}
					__eflags =  *(_t144 + 8);
					if( *(_t144 + 8) != 0) {
						_t128 =  *(_t144 + 8);
						 *_t128 = 0;
					}
					__eflags =  *(_t144 + 0x18) -  *(_t144 + 0x10);
					if( *(_t144 + 0x18) <=  *(_t144 + 0x10)) {
						_t128 =  *(_t144 + 0x18);
						 *(_t144 - 0x24) = _t128;
					} else {
						 *(_t144 - 0x24) =  *(_t144 + 0x10);
					}
					 *(_t144 - 8) =  *(_t144 - 0x24);
					__eflags = 0x7fffffff -  *(_t144 - 8);
					asm("sbb edx, edx");
					_t129 = _t128 + 1;
					__eflags = _t129;
					 *(_t144 - 0x14) = _t129;
					if(_t129 == 0) {
						_push(L"bufferSize <= INT_MAX");
						_push(0);
						_push(0x13f);
						_push(L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\wcstombs.c");
						_push(2);
						_t103 = L0040E1A0();
						_t146 = _t146 + 0x14;
						__eflags = _t103 - 1;
						if(_t103 == 1) {
							asm("int3");
						}
					}
					__eflags =  *(_t144 - 0x14);
					if( *(_t144 - 0x14) != 0) {
						_t115 =  *(_t144 + 0xc);
						_t85 = L0041DAC0(_t111,  *(_t144 - 8), _t142, _t143,  *(_t144 + 0xc),  *((intOrPtr*)(_t144 + 0x14)),  *(_t144 - 8),  *((intOrPtr*)(_t144 + 0x1c)));
						_t147 = _t146 + 0x10;
						 *(_t144 - 0xc) = _t85;
						__eflags =  *(_t144 - 0xc) - 0xffffffff;
						if( *(_t144 - 0xc) != 0xffffffff) {
							_t132 =  *(_t144 - 0xc) + 1;
							 *(_t144 - 0xc) = _t132;
							__eflags =  *(_t144 + 0xc);
							if( *(_t144 + 0xc) == 0) {
								L56:
								__eflags =  *(_t144 + 8);
								if( *(_t144 + 8) != 0) {
									 *( *(_t144 + 8)) =  *(_t144 - 0xc);
								}
								_t86 =  *((intOrPtr*)(_t144 - 4));
								goto L59;
							}
							__eflags =  *(_t144 - 0xc) -  *(_t144 + 0x10);
							if( *(_t144 - 0xc) <=  *(_t144 + 0x10)) {
								L55:
								_t134 =  *(_t144 + 0xc) +  *(_t144 - 0xc);
								__eflags = _t134;
								 *((char*)(_t134 - 1)) = 0;
								goto L56;
							}
							__eflags =  *(_t144 + 0x18) - 0xffffffff;
							if( *(_t144 + 0x18) == 0xffffffff) {
								L54:
								 *(_t144 - 0xc) =  *(_t144 + 0x10);
								 *((intOrPtr*)(_t144 - 4)) = 0x50;
								goto L55;
							}
							 *( *(_t144 + 0xc)) = 0;
							__eflags =  *(_t144 + 0x10) - 0xffffffff;
							if( *(_t144 + 0x10) != 0xffffffff) {
								__eflags =  *(_t144 + 0x10) - 0x7fffffff;
								if( *(_t144 + 0x10) != 0x7fffffff) {
									__eflags =  *(_t144 + 0x10) - 1;
									if( *(_t144 + 0x10) > 1) {
										__eflags =  *0x60a658 -  *(_t144 + 0x10) - 1; // 0xffffffff
										if(__eflags >= 0) {
											_t121 =  *(_t144 + 0x10) - 1;
											__eflags = _t121;
											 *(_t144 - 0x2c) = _t121;
										} else {
											_t95 =  *0x60a658; // 0xffffffff
											 *(_t144 - 0x2c) = _t95;
										}
										_t132 =  *(_t144 - 0x2c);
										__eflags =  *(_t144 + 0xc) + 1;
										E00412D20(_t142,  *(_t144 + 0xc) + 1, 0xfe, _t132);
										_t147 = _t147 + 0xc;
									}
								}
							}
							_t119 =  *(_t144 + 0x10);
							__eflags =  *(_t144 - 0xc) -  *(_t144 + 0x10);
							asm("sbb edx, edx");
							 *(_t144 - 0x18) =  ~_t132;
							if( *(_t144 - 0xc) ==  *(_t144 + 0x10)) {
								_push(L"sizeInBytes > retsize");
								_push(0);
								_push(0x157);
								_push(L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\wcstombs.c");
								_push(2);
								_t91 = L0040E1A0();
								_t147 = _t147 + 0x14;
								__eflags = _t91 - 1;
								if(_t91 == 1) {
									asm("int3");
								}
							}
							__eflags =  *(_t144 - 0x18);
							if( *(_t144 - 0x18) != 0) {
								goto L54;
							} else {
								 *((intOrPtr*)(L0040EC70(_t119))) = 0x22;
								E00411A50(_t111, _t119, _t142, _t143, L"sizeInBytes > retsize", L"_wcstombs_s_l", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\wcstombs.c", 0x157, 0);
								_t86 = 0x22;
								goto L59;
							}
						} else {
							__eflags =  *(_t144 + 0xc);
							if( *(_t144 + 0xc) != 0) {
								 *( *(_t144 + 0xc)) = 0;
								__eflags =  *(_t144 + 0x10) - 0xffffffff;
								if( *(_t144 + 0x10) != 0xffffffff) {
									__eflags =  *(_t144 + 0x10) - 0x7fffffff;
									if( *(_t144 + 0x10) != 0x7fffffff) {
										__eflags =  *(_t144 + 0x10) - 1;
										if( *(_t144 + 0x10) > 1) {
											__eflags =  *0x60a658 -  *(_t144 + 0x10) - 1; // 0xffffffff
											if(__eflags >= 0) {
												_t140 =  *(_t144 + 0x10) - 1;
												__eflags = _t140;
												 *(_t144 - 0x28) = _t140;
											} else {
												_t123 =  *0x60a658; // 0xffffffff
												 *(_t144 - 0x28) = _t123;
											}
											_t115 =  *(_t144 + 0xc) + 1;
											__eflags =  *(_t144 + 0xc) + 1;
											E00412D20(_t142,  *(_t144 + 0xc) + 1, 0xfe,  *(_t144 - 0x28));
										}
									}
								}
							}
							_t86 =  *((intOrPtr*)(L0040EC70(_t115)));
							goto L59;
						}
					} else {
						 *((intOrPtr*)(L0040EC70(0x7fffffff))) = 0x16;
						E00411A50(_t111, 0x7fffffff, _t142, _t143, L"bufferSize <= INT_MAX", L"_wcstombs_s_l", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\wcstombs.c", 0x13f, 0);
						_t86 = 0x16;
						goto L59;
					}
				} else {
					 *((intOrPtr*)(L0040EC70(_t112))) = 0x16;
					E00411A50(_t111, _t112, _t142, _t143, L"(dst != NULL && sizeInBytes > 0) || (dst == NULL && sizeInBytes == 0)", L"_wcstombs_s_l", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\wcstombs.c", 0x133, 0);
					_t86 = 0x16;
					L59:
					return _t86;
				}
			}

0x0041dfc5
0x0041dfc5
0x0041dfc5
0x0041dfc5
0x0041dfc9
0x0041dfe0
0x0041dfd7
0x0041dfd7
0x0041dfd7
0x0041dfea
0x0041dff1
0x0041dff3
0x0041dff8
0x0041dffa
0x0041dfff
0x0041e004
0x0041e006
0x0041e00b
0x0041e011
0x0041e013
0x0041e013
0x0041e011
0x0041e018
0x0041e04d
0x0041e051
0x0041e053
0x0041e056
0x0041e059
0x0041e05d
0x0041e05f
0x0041e066
0x0041e068
0x0041e06c
0x0041e074
0x0041e07a
0x0041e08a
0x0041e08a
0x0041e08d
0x0041e07c
0x0041e07c
0x0041e082
0x0041e082
0x0041e09c
0x0041e0a0
0x0041e0a5
0x0041e0a5
0x0041e06c
0x0041e066
0x0041e05d
0x0041e0a8
0x0041e0ac
0x0041e0ae
0x0041e0b1
0x0041e0b1
0x0041e0ba
0x0041e0bd
0x0041e0c7
0x0041e0ca
0x0041e0bf
0x0041e0c2
0x0041e0c2
0x0041e0d0
0x0041e0d8
0x0041e0db
0x0041e0dd
0x0041e0dd
0x0041e0e0
0x0041e0e3
0x0041e0e5
0x0041e0ea
0x0041e0ec
0x0041e0f1
0x0041e0f6
0x0041e0f8
0x0041e0fd
0x0041e100
0x0041e103
0x0041e105
0x0041e105
0x0041e103
0x0041e106
0x0041e10a
0x0041e14b
0x0041e14f
0x0041e154
0x0041e157
0x0041e15a
0x0041e15e
0x0041e1ca
0x0041e1cd
0x0041e1d0
0x0041e1d4
0x0041e2c1
0x0041e2c1
0x0041e2c5
0x0041e2cd
0x0041e2cd
0x0041e2cf
0x00000000
0x0041e2cf
0x0041e1dd
0x0041e1e0
0x0041e2b7
0x0041e2ba
0x0041e2ba
0x0041e2bd
0x00000000
0x0041e2bd
0x0041e1e6
0x0041e1ea
0x0041e2aa
0x0041e2ad
0x0041e2b0
0x00000000
0x0041e2b0
0x0041e1f3
0x0041e1f6
0x0041e1fa
0x0041e1fc
0x0041e203
0x0041e205
0x0041e209
0x0041e211
0x0041e217
0x0041e226
0x0041e226
0x0041e229
0x0041e219
0x0041e219
0x0041e21e
0x0041e21e
0x0041e22c
0x0041e238
0x0041e23c
0x0041e241
0x0041e241
0x0041e209
0x0041e203
0x0041e244
0x0041e247
0x0041e24a
0x0041e24e
0x0041e251
0x0041e253
0x0041e258
0x0041e25a
0x0041e25f
0x0041e264
0x0041e266
0x0041e26b
0x0041e26e
0x0041e271
0x0041e273
0x0041e273
0x0041e271
0x0041e274
0x0041e278
0x00000000
0x0041e27a
0x0041e27f
0x0041e29b
0x0041e2a3
0x00000000
0x0041e2a3
0x0041e160
0x0041e160
0x0041e164
0x0041e169
0x0041e16c
0x0041e170
0x0041e172
0x0041e179
0x0041e17b
0x0041e17f
0x0041e187
0x0041e18d
0x0041e19d
0x0041e19d
0x0041e1a0
0x0041e18f
0x0041e18f
0x0041e195
0x0041e195
0x0041e1af
0x0041e1af
0x0041e1b3
0x0041e1b8
0x0041e17f
0x0041e179
0x0041e170
0x0041e1c0
0x00000000
0x0041e1c0
0x0041e10c
0x0041e111
0x0041e12d
0x0041e135
0x00000000
0x0041e135
0x0041e01a
0x0041e01f
0x0041e03b
0x0041e043
0x0041e2d2
0x0041e2d5
0x0041e2d5

APIs

__invalid_parameter.LIBCMTD ref: 0041E03B

Strings

u!h0{@, xrefs: 0041DFF1
(dst != NULL && sizeInBytes > 0) || (dst == NULL && sizeInBytes == 0), xrefs: 0041DFF3, 0041E036
_wcstombs_s_l, xrefs: 0041E031
f:\dd\vctools\crt_bld\self_x86\crt\src\wcstombs.c, xrefs: 0041DFFF, 0041E02C

Memory Dump Source

Source File: 00000000.00000002.254379313.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.254298173.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.254460883.0000000000427000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255654257.000000000060A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255687103.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255765961.0000000000635000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_mzQcZawXvh.jbxd

Similarity

API ID: __invalid_parameter
String ID: (dst != NULL && sizeInBytes > 0) || (dst == NULL && sizeInBytes == 0)$_wcstombs_s_l$f:\dd\vctools\crt_bld\self_x86\crt\src\wcstombs.c$u!h0{@
API String ID: 3730194576-74403819
Opcode ID: ce8ae9df8e789ac059ff74659df8e88a9c9f39a50a28f67c8ebcc4944a694a40
Instruction ID: b93a81b1d666650da6f2c1088c5680eb8d10ddecfd6b127fdbc5ede70344e445
Opcode Fuzzy Hash: ce8ae9df8e789ac059ff74659df8e88a9c9f39a50a28f67c8ebcc4944a694a40
Instruction Fuzzy Hash: 49016D70E843189AEB209E81CC06BEF7260AB1471DF11042BE912392C1C3FD57D1CB9E

Uniqueness

Uniqueness Score: -1.00%

Function 0041EF81 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 116
COMMON

Download Yara Rule

C-Code - Quality: 35%

			E0041EF81() {
				intOrPtr _t79;
				void* _t84;
				void* _t90;
				void* _t123;
				void* _t124;
				void* _t125;
				void* _t127;

				 *((intOrPtr*)(_t125 - 8)) = 0;
				 *((intOrPtr*)(_t125 - 4)) =  *((intOrPtr*)(_t125 + 0xc));
				if( *((intOrPtr*)(_t125 + 0x18)) != 0) {
					 *((short*)( *((intOrPtr*)(_t125 - 4)))) = 0x2d;
					 *((intOrPtr*)(_t125 - 4)) =  *((intOrPtr*)(_t125 - 4)) + 2;
					 *((intOrPtr*)(_t125 - 8)) =  *((intOrPtr*)(_t125 - 8)) + 1;
					 *(_t125 + 8) =  ~( *(_t125 + 8));
				}
				 *((intOrPtr*)(_t125 - 0x14)) =  *((intOrPtr*)(_t125 - 4));
				do {
					 *(_t125 - 0xc) =  *(_t125 + 8) %  *(_t125 + 0x14);
					 *(_t125 + 8) =  *(_t125 + 8) /  *(_t125 + 0x14);
					if( *(_t125 - 0xc) <= 9) {
						 *((short*)( *((intOrPtr*)(_t125 - 4)))) =  *(_t125 - 0xc) + 0x30;
						 *((intOrPtr*)(_t125 - 4)) =  *((intOrPtr*)(_t125 - 4)) + 2;
					} else {
						 *((short*)( *((intOrPtr*)(_t125 - 4)))) =  *(_t125 - 0xc) + 0x57;
						 *((intOrPtr*)(_t125 - 4)) =  *((intOrPtr*)(_t125 - 4)) + 2;
					}
					 *((intOrPtr*)(_t125 - 8)) =  *((intOrPtr*)(_t125 - 8)) + 1;
				} while ( *(_t125 + 8) > 0 &&  *((intOrPtr*)(_t125 - 8)) <  *((intOrPtr*)(_t125 + 0x10)));
				if( *((intOrPtr*)(_t125 - 8)) <  *((intOrPtr*)(_t125 + 0x10))) {
					L14:
					 *((short*)( *((intOrPtr*)(_t125 - 4)))) = 0;
					 *((intOrPtr*)(_t125 - 4)) =  *((intOrPtr*)(_t125 - 4)) - 2;
					do {
						 *((short*)(_t125 - 0x10)) =  *((intOrPtr*)( *((intOrPtr*)(_t125 - 4))));
						 *((short*)( *((intOrPtr*)(_t125 - 4)))) =  *((intOrPtr*)( *((intOrPtr*)(_t125 - 0x14))));
						 *((short*)( *((intOrPtr*)(_t125 - 0x14)))) =  *((intOrPtr*)(_t125 - 0x10));
						 *((intOrPtr*)(_t125 - 4)) =  *((intOrPtr*)(_t125 - 4)) - 2;
						 *((intOrPtr*)(_t125 - 0x14)) =  *((intOrPtr*)(_t125 - 0x14)) + 2;
					} while ( *((intOrPtr*)(_t125 - 0x14)) <  *((intOrPtr*)(_t125 - 4)));
					_t79 = 0;
					L17:
					return _t79;
				}
				_t98 =  *((intOrPtr*)(_t125 + 0xc));
				 *((short*)( *((intOrPtr*)(_t125 + 0xc)))) = 0;
				asm("sbb eax, eax");
				 *(_t125 - 0x28) =  ~0x00000000;
				if( *((intOrPtr*)(_t125 - 8)) ==  *((intOrPtr*)(_t125 + 0x10))) {
					_push(L"length < sizeInTChars");
					_push(0);
					_push(0x8e);
					_push(L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\xtoa.c");
					_push(2);
					_t84 = L0040E1A0();
					_t127 = _t127 + 0x14;
					if(_t84 == 1) {
						asm("int3");
					}
				}
				if( *(_t125 - 0x28) != 0) {
					goto L14;
				} else {
					 *((intOrPtr*)(L0040EC70(_t98))) = 0x22;
					E00411A50(_t90, _t98, _t123, _t124, L"length < sizeInTChars", L"xtow_s", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\xtoa.c", 0x8e, 0);
					_t79 = 0x22;
					goto L17;
				}
			}

0x0041ef81
0x0041ef8b
0x0041ef92
0x0041ef9c
0x0041efa5
0x0041efae
0x0041efb6
0x0041efb6
0x0041efbc
0x0041efbf
0x0041efc7
0x0041efd2
0x0041efd9
0x0041effb
0x0041f004
0x0041efdb
0x0041efe4
0x0041efed
0x0041efed
0x0041f00d
0x0041f010
0x0041f024
0x0041f094
0x0041f099
0x0041f0a2
0x0041f0a5
0x0041f0ab
0x0041f0b8
0x0041f0c2
0x0041f0cb
0x0041f0d4
0x0041f0da
0x0041f0df
0x0041f0e1
0x0041f0e4
0x0041f0e4
0x0041f028
0x0041f02b
0x0041f034
0x0041f038
0x0041f03b
0x0041f03d
0x0041f042
0x0041f044
0x0041f049
0x0041f04e
0x0041f050
0x0041f055
0x0041f05b
0x0041f05d
0x0041f05d
0x0041f05b
0x0041f062
0x00000000
0x0041f064
0x0041f069
0x0041f085
0x0041f08d
0x00000000
0x0041f08d

APIs

__invalid_parameter.LIBCMTD ref: 0041F085

Strings

f:\dd\vctools\crt_bld\self_x86\crt\src\xtoa.c, xrefs: 0041F049, 0041F076
length < sizeInTChars, xrefs: 0041F03D, 0041F080
xtow_s, xrefs: 0041F07B

Memory Dump Source

Source File: 00000000.00000002.254379313.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.254298173.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.254460883.0000000000427000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255654257.000000000060A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255687103.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255765961.0000000000635000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_mzQcZawXvh.jbxd

Similarity

API ID: __invalid_parameter
String ID: f:\dd\vctools\crt_bld\self_x86\crt\src\xtoa.c$length < sizeInTChars$xtow_s
API String ID: 3730194576-3173509935
Opcode ID: fef4c4c0535a45d997bbdb4fedfaebb38fee43c7b07f768c1c0c46d55aef9b02
Instruction ID: d4c17832ba0799eff67dd975395ad2caecdaa508a036acbd39251cd37de16b9a
Opcode Fuzzy Hash: fef4c4c0535a45d997bbdb4fedfaebb38fee43c7b07f768c1c0c46d55aef9b02
Instruction Fuzzy Hash: FF410E74E00209EFCB04DF94C541B9EBBB2FF58304F2081AAE804AB395D775AE91DB59

Uniqueness

Uniqueness Score: -1.00%

Function 004238B6 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 107
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E004238B6(intOrPtr __ebx, intOrPtr __edi, intOrPtr __esi) {
				signed int _t483;
				void* _t488;
				signed int _t490;
				void* _t498;
				intOrPtr _t501;
				signed int _t519;
				intOrPtr _t523;
				intOrPtr _t524;
				signed int _t525;
				void* _t527;

				L0:
				while(1) {
					L0:
					_t524 = __esi;
					_t523 = __edi;
					_t501 = __ebx;
					 *(_t525 - 0x30) = 8;
					while(1) {
						L143:
						 *(__ebp - 0x460) = 7;
						while(1) {
							L145:
							 *(__ebp - 8) = 0x10;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000080;
							__eflags =  *(__ebp - 0x10) & 0x00000080;
							if(( *(__ebp - 0x10) & 0x00000080) != 0) {
								__edx = 0x30;
								 *(__ebp - 0x14) = __dx;
								 *(__ebp - 0x460) =  *(__ebp - 0x460) + 0x51;
								__eflags =  *(__ebp - 0x460) + 0x51;
								 *(__ebp - 0x12) = __ax;
								 *(__ebp - 0x1c) = 2;
							}
							while(1) {
								L150:
								 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00008000;
								__eflags =  *(__ebp - 0x10) & 0x00008000;
								if(( *(__ebp - 0x10) & 0x00008000) == 0) {
									 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00001000;
									__eflags =  *(__ebp - 0x10) & 0x00001000;
									if(( *(__ebp - 0x10) & 0x00001000) == 0) {
										 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000020;
										__eflags =  *(__ebp - 0x10) & 0x00000020;
										if(( *(__ebp - 0x10) & 0x00000020) == 0) {
											 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000040;
											__eflags =  *(__ebp - 0x10) & 0x00000040;
											if(( *(__ebp - 0x10) & 0x00000040) == 0) {
												__ecx = __ebp + 0x14;
												__eax = E0041C290(__ebp + 0x14);
												__edx = 0;
												__eflags = 0;
												 *(__ebp - 0x4a0) = __eax;
												 *(__ebp - 0x49c) = 0;
											} else {
												__eax = __ebp + 0x14;
												__eax = E0041C290(__ebp + 0x14);
												asm("cdq");
												 *(__ebp - 0x4a0) = __eax;
												 *(__ebp - 0x49c) = __edx;
											}
										} else {
											 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000040;
											__eflags =  *(__ebp - 0x10) & 0x00000040;
											if(( *(__ebp - 0x10) & 0x00000040) == 0) {
												__ecx = __ebp + 0x14;
												E0041C290(__ebp + 0x14) = __ax & 0x0000ffff;
												asm("cdq");
												 *(__ebp - 0x4a0) = __ax & 0x0000ffff;
												 *(__ebp - 0x49c) = __edx;
											} else {
												__eax = __ebp + 0x14;
												__eax = E0041C290(__ebp + 0x14);
												__ax = __eax;
												asm("cdq");
												 *(__ebp - 0x4a0) = __eax;
												 *(__ebp - 0x49c) = __edx;
											}
										}
									} else {
										__eax = __ebp + 0x14;
										 *(__ebp - 0x4a0) = E0041C2B0(__ebp + 0x14);
										 *(__ebp - 0x49c) = __edx;
									}
								} else {
									__ecx = __ebp + 0x14;
									 *(__ebp - 0x4a0) = E0041C2B0(__ebp + 0x14);
									 *(__ebp - 0x49c) = __edx;
								}
								 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000040;
								__eflags =  *(__ebp - 0x10) & 0x00000040;
								if(( *(__ebp - 0x10) & 0x00000040) == 0) {
									goto L167;
								}
								L163:
								__eflags =  *(__ebp - 0x49c);
								if(__eflags > 0) {
									goto L167;
								}
								L164:
								if(__eflags < 0) {
									L166:
									 *(__ebp - 0x4a0) =  ~( *(__ebp - 0x4a0));
									__edx =  *(__ebp - 0x49c);
									asm("adc edx, 0x0");
									__edx =  ~( *(__ebp - 0x49c));
									 *(__ebp - 0x4a8) =  ~( *(__ebp - 0x4a0));
									 *(__ebp - 0x4a4) =  ~( *(__ebp - 0x49c));
									 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000100;
									 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000100;
									L168:
									 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00008000;
									__eflags =  *(__ebp - 0x10) & 0x00008000;
									if(( *(__ebp - 0x10) & 0x00008000) == 0) {
										 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00001000;
										__eflags =  *(__ebp - 0x10) & 0x00001000;
										if(( *(__ebp - 0x10) & 0x00001000) == 0) {
											__edx =  *(__ebp - 0x4a8);
											__eax =  *(__ebp - 0x4a4);
											__eax =  *(__ebp - 0x4a4) & 0x00000000;
											__eflags = __eax;
											 *(__ebp - 0x4a4) = __eax;
										}
									}
									__eflags =  *(__ebp - 0x30);
									if( *(__ebp - 0x30) >= 0) {
										 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0xfffffff7;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0xfffffff7;
										__eflags =  *(__ebp - 0x30) - 0x200;
										if( *(__ebp - 0x30) > 0x200) {
											 *(__ebp - 0x30) = 0x200;
										}
									} else {
										 *(__ebp - 0x30) = 1;
									}
									 *(__ebp - 0x4a8) =  *(__ebp - 0x4a8) |  *(__ebp - 0x4a4);
									__eflags =  *(__ebp - 0x4a8) |  *(__ebp - 0x4a4);
									if(( *(__ebp - 0x4a8) |  *(__ebp - 0x4a4)) == 0) {
										 *(__ebp - 0x1c) = 0;
									}
									__eax = __ebp - 0x249;
									 *(__ebp - 4) = __ebp - 0x249;
									while(1) {
										L178:
										__ecx =  *(__ebp - 0x30);
										 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
										 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
										__eflags =  *(__ebp - 0x30);
										if( *(__ebp - 0x30) > 0) {
											goto L180;
										}
										L179:
										 *(__ebp - 0x4a8) =  *(__ebp - 0x4a8) |  *(__ebp - 0x4a4);
										__eflags =  *(__ebp - 0x4a8) |  *(__ebp - 0x4a4);
										if(( *(__ebp - 0x4a8) |  *(__ebp - 0x4a4)) == 0) {
											L183:
											__ebp - 0x249 = __ebp - 0x249 -  *(__ebp - 4);
											 *(__ebp - 0x24) = __ebp - 0x249 -  *(__ebp - 4);
											__ecx =  *(__ebp - 4);
											__ecx =  *(__ebp - 4) + 1;
											 *(__ebp - 4) = __ecx;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000200;
											__eflags =  *(__ebp - 0x10) & 0x00000200;
											if(( *(__ebp - 0x10) & 0x00000200) == 0) {
												while(1) {
													L187:
													__eflags =  *(__ebp - 0x28);
													if( *(__ebp - 0x28) != 0) {
														goto L212;
													}
													L188:
													 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000040;
													__eflags =  *(__ebp - 0x10) & 0x00000040;
													if(( *(__ebp - 0x10) & 0x00000040) != 0) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000100;
														__eflags =  *(__ebp - 0x10) & 0x00000100;
														if(( *(__ebp - 0x10) & 0x00000100) == 0) {
															 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000001;
															__eflags =  *(__ebp - 0x10) & 0x00000001;
															if(( *(__ebp - 0x10) & 0x00000001) == 0) {
																 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000002;
																__eflags =  *(__ebp - 0x10) & 0x00000002;
																if(( *(__ebp - 0x10) & 0x00000002) != 0) {
																	__edx = 0x20;
																	 *(__ebp - 0x14) = __dx;
																	 *(__ebp - 0x1c) = 1;
																}
															} else {
																__eax = 0x2b;
																 *(__ebp - 0x14) = __ax;
																 *(__ebp - 0x1c) = 1;
															}
														} else {
															__ecx = 0x2d;
															 *(__ebp - 0x14) = __cx;
															 *(__ebp - 0x1c) = 1;
														}
													}
													 *(__ebp - 0x18) =  *(__ebp - 0x18) -  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x18) -  *(__ebp - 0x24) -  *(__ebp - 0x1c);
													 *(__ebp - 0x4ac) =  *(__ebp - 0x18) -  *(__ebp - 0x24) -  *(__ebp - 0x1c);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x0000000c;
													__eflags =  *(__ebp - 0x10) & 0x0000000c;
													if(( *(__ebp - 0x10) & 0x0000000c) == 0) {
														__edx = __ebp - 0x44c;
														__eax =  *(__ebp + 8);
														__ecx =  *(__ebp - 0x4ac);
														__eax = E00423FF0(0x20,  *(__ebp - 0x4ac),  *(__ebp + 8), __ebp - 0x44c);
													}
													__edx = __ebp - 0x44c;
													__eax =  *(__ebp + 8);
													__ecx =  *(__ebp - 0x1c);
													__edx = __ebp - 0x14;
													E00424030( *(__ebp - 0x1c), __ebp - 0x14,  *(__ebp - 0x1c),  *(__ebp + 8), __ebp - 0x44c) =  *(__ebp - 0x10);
													__eax =  *(__ebp - 0x10) & 0x00000008;
													__eflags =  *(__ebp - 0x10) & 0x00000008;
													if(( *(__ebp - 0x10) & 0x00000008) != 0) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000004;
														__eflags =  *(__ebp - 0x10) & 0x00000004;
														if(( *(__ebp - 0x10) & 0x00000004) == 0) {
															__edx = __ebp - 0x44c;
															__eax =  *(__ebp + 8);
															__ecx =  *(__ebp - 0x4ac);
															__eax = E00423FF0(0x30,  *(__ebp - 0x4ac),  *(__ebp + 8), __ebp - 0x44c);
														}
													}
													__eflags =  *(__ebp - 0xc);
													if( *(__ebp - 0xc) != 0) {
														L208:
														__edx = __ebp - 0x44c;
														__eax =  *(__ebp + 8);
														__ecx =  *(__ebp - 0x24);
														__edx =  *(__ebp - 4);
														__eax = E00424030(__ecx,  *(__ebp - 4), __ecx,  *(__ebp + 8), __ebp - 0x44c);
														goto L209;
													} else {
														L201:
														__eflags =  *(__ebp - 0x24);
														if( *(__ebp - 0x24) <= 0) {
															goto L208;
														}
														L202:
														__edx =  *(__ebp - 4);
														 *(__ebp - 0x4b0) =  *(__ebp - 4);
														__eax =  *(__ebp - 0x24);
														 *(__ebp - 0x4b4) =  *(__ebp - 0x24);
														while(1) {
															L203:
															__ecx =  *(__ebp - 0x4b4);
															 *(__ebp - 0x4b4) =  *(__ebp - 0x4b4) - 1;
															 *(__ebp - 0x4b4) =  *(__ebp - 0x4b4) - 1;
															__eflags = __ecx;
															if(__ecx <= 0) {
																break;
															}
															L204:
															__ecx = __ebp - 0x40;
															__eax = E0040D3B0(__ebp - 0x40);
															__ecx = __ebp - 0x40;
															E0040D3B0(__ebp - 0x40) =  *__eax;
															__ecx =  *(__ebp - 0x458 + 0xac);
															__edx =  *(__ebp - 0x4b0);
															__eax = __ebp - 0x458;
															 *(__ebp - 0x4b8) = E00419150(__ebp - 0x458,  *(__ebp - 0x4b0),  *(__ebp - 0x458 + 0xac), __ebp - 0x458);
															__eflags =  *(__ebp - 0x4b8);
															if( *(__ebp - 0x4b8) > 0) {
																L206:
																__ecx = __ebp - 0x44c;
																__edx =  *(__ebp + 8);
																 *(__ebp - 0x458) & 0x0000ffff = E00423F90( *(__ebp - 0x458) & 0x0000ffff,  *(__ebp + 8), __ebp - 0x44c);
																 *(__ebp - 0x4b0) =  *(__ebp - 0x4b0) +  *(__ebp - 0x4b8);
																 *(__ebp - 0x4b0) =  *(__ebp - 0x4b0) +  *(__ebp - 0x4b8);
																continue;
															}
															L205:
															 *(__ebp - 0x44c) = 0xffffffff;
															break;
														}
														L207:
														L209:
														__eflags =  *(__ebp - 0x44c);
														if( *(__ebp - 0x44c) >= 0) {
															 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000004;
															__eflags =  *(__ebp - 0x10) & 0x00000004;
															if(( *(__ebp - 0x10) & 0x00000004) != 0) {
																__ecx = __ebp - 0x44c;
																__edx =  *(__ebp + 8);
																 *(__ebp - 0x4ac) = E00423FF0(0x20,  *(__ebp - 0x4ac),  *(__ebp + 8), __ebp - 0x44c);
															}
														}
													}
													L212:
													__eflags =  *(__ebp - 0x20);
													if( *(__ebp - 0x20) != 0) {
														__ecx =  *(__ebp - 0x20);
														__eax = L0040C240( *(__ebp - 0x20), 2);
														 *(__ebp - 0x20) = 0;
													}
													while(1) {
														L214:
														 *(_t525 - 0x454) =  *((intOrPtr*)( *((intOrPtr*)(_t525 + 0xc))));
														_t502 =  *(_t525 - 0x454) & 0x0000ffff;
														 *((intOrPtr*)(_t525 + 0xc)) =  *((intOrPtr*)(_t525 + 0xc)) + 2;
														if(( *(_t525 - 0x454) & 0x0000ffff) == 0 ||  *(_t525 - 0x44c) < 0) {
															break;
														} else {
															if(( *(_t525 - 0x454) & 0x0000ffff) < 0x20 || ( *(_t525 - 0x454) & 0x0000ffff) > 0x78) {
																 *(_t525 - 0x4d8) = 0;
															} else {
																 *(_t525 - 0x4d8) =  *(( *(_t525 - 0x454) & 0x0000ffff) + L"pecifier\", 0)") & 0xf;
															}
														}
														L7:
														 *(_t525 - 0x450) =  *(_t525 - 0x4d8);
														_t519 =  *(_t525 - 0x450) * 9;
														_t490 =  *(_t525 - 0x45c);
														_t510 = ( *(_t519 + _t490 + 0x4083d0) & 0x000000ff) >> 4;
														 *(_t525 - 0x45c) = ( *(_t519 + _t490 + 0x4083d0) & 0x000000ff) >> 4;
														if( *(_t525 - 0x45c) != 8) {
															L16:
															 *(_t525 - 0x4e0) =  *(_t525 - 0x45c);
															__eflags =  *(_t525 - 0x4e0) - 7;
															if( *(_t525 - 0x4e0) > 7) {
																continue;
															}
															L17:
															switch( *((intOrPtr*)( *(_t525 - 0x4e0) * 4 +  &M00423E84))) {
																case 0:
																	L18:
																	 *(_t525 - 0xc) = 1;
																	E00423F90( *(_t525 - 0x454) & 0x0000ffff,  *((intOrPtr*)(_t525 + 8)), _t525 - 0x44c);
																	_t527 = _t527 + 0xc;
																	goto L214;
																case 1:
																	L19:
																	 *(__ebp - 0x2c) = 0;
																	__ecx =  *(__ebp - 0x2c);
																	 *(__ebp - 0x28) = __ecx;
																	__edx =  *(__ebp - 0x28);
																	 *(__ebp - 0x18) =  *(__ebp - 0x28);
																	__eax =  *(__ebp - 0x18);
																	 *(__ebp - 0x1c) =  *(__ebp - 0x18);
																	 *(__ebp - 0x10) = 0;
																	 *(__ebp - 0x30) = 0xffffffff;
																	 *(__ebp - 0xc) = 0;
																	goto L214;
																case 2:
																	L20:
																	__ecx =  *(__ebp - 0x454) & 0x0000ffff;
																	 *(__ebp - 0x4e4) = __ecx;
																	 *(__ebp - 0x4e4) =  *(__ebp - 0x4e4) - 0x20;
																	 *(__ebp - 0x4e4) =  *(__ebp - 0x4e4) - 0x20;
																	__eflags =  *(__ebp - 0x4e4) - 0x10;
																	if( *(__ebp - 0x4e4) > 0x10) {
																		goto L27;
																	}
																	L21:
																	_t57 =  *(__ebp - 0x4e4) + 0x423ebc; // 0x498d04
																	__ecx =  *_t57 & 0x000000ff;
																	switch( *((intOrPtr*)(__ecx * 4 +  &M00423EA4))) {
																		case 0:
																			goto L24;
																		case 1:
																			goto L25;
																		case 2:
																			goto L23;
																		case 3:
																			goto L22;
																		case 4:
																			goto L26;
																		case 5:
																			goto L27;
																	}
																case 3:
																	L28:
																	__ecx =  *(__ebp - 0x454) & 0x0000ffff;
																	__eflags = ( *(__ebp - 0x454) & 0x0000ffff) - 0x2a;
																	if(( *(__ebp - 0x454) & 0x0000ffff) != 0x2a) {
																		__edx =  *(__ebp - 0x18);
																		__edx =  *(__ebp - 0x18) * 0xa;
																		__eflags = __edx;
																		_t81 = ( *(__ebp - 0x454) & 0x0000ffff) - 0x30; // -48
																		__ecx = __edx + _t81;
																		 *(__ebp - 0x18) = __ecx;
																	} else {
																		__edx = __ebp + 0x14;
																		 *(__ebp - 0x18) = E0041C290(__ebp + 0x14);
																		__eflags =  *(__ebp - 0x18);
																		if( *(__ebp - 0x18) < 0) {
																			__eax =  *(__ebp - 0x10);
																			__eax =  *(__ebp - 0x10) | 0x00000004;
																			__eflags = __eax;
																			 *(__ebp - 0x10) = __eax;
																			__ecx =  *(__ebp - 0x18);
																			__ecx =  ~( *(__ebp - 0x18));
																			 *(__ebp - 0x18) = __ecx;
																		}
																	}
																	L33:
																	goto L214;
																case 4:
																	L34:
																	 *(__ebp - 0x30) = 0;
																	goto L214;
																case 5:
																	L35:
																	__edx =  *(__ebp - 0x454) & 0x0000ffff;
																	__eflags = ( *(__ebp - 0x454) & 0x0000ffff) - 0x2a;
																	if(( *(__ebp - 0x454) & 0x0000ffff) != 0x2a) {
																		__ecx =  *(__ebp - 0x30);
																		__ecx =  *(__ebp - 0x30) * 0xa;
																		__eflags = __ecx;
																		_t92 = ( *(__ebp - 0x454) & 0x0000ffff) - 0x30; // -48
																		__eax = __ecx + _t92;
																		 *(__ebp - 0x30) = __ecx + _t92;
																	} else {
																		__eax = __ebp + 0x14;
																		 *(__ebp - 0x30) = E0041C290(__ebp + 0x14);
																		__eflags =  *(__ebp - 0x30);
																		if( *(__ebp - 0x30) < 0) {
																			 *(__ebp - 0x30) = 0xffffffff;
																		}
																	}
																	goto L214;
																case 6:
																	L41:
																	__ecx =  *(__ebp - 0x454) & 0x0000ffff;
																	 *(__ebp - 0x4e8) = __ecx;
																	 *(__ebp - 0x4e8) =  *(__ebp - 0x4e8) - 0x49;
																	 *(__ebp - 0x4e8) =  *(__ebp - 0x4e8) - 0x49;
																	__eflags =  *(__ebp - 0x4e8) - 0x2e;
																	if( *(__ebp - 0x4e8) > 0x2e) {
																		L64:
																		goto L214;
																	}
																	L42:
																	_t100 =  *(__ebp - 0x4e8) + 0x423ee4; // 0x36f19003
																	__ecx =  *_t100 & 0x000000ff;
																	switch( *((intOrPtr*)(__ecx * 4 +  &M00423ED0))) {
																		case 0:
																			L47:
																			__ecx =  *(__ebp + 0xc);
																			__edx =  *( *(__ebp + 0xc)) & 0x0000ffff;
																			__eflags = ( *( *(__ebp + 0xc)) & 0x0000ffff) - 0x36;
																			if(( *( *(__ebp + 0xc)) & 0x0000ffff) != 0x36) {
																				L50:
																				__ecx =  *(__ebp + 0xc);
																				__edx =  *( *(__ebp + 0xc)) & 0x0000ffff;
																				__eflags = ( *( *(__ebp + 0xc)) & 0x0000ffff) - 0x33;
																				if(( *( *(__ebp + 0xc)) & 0x0000ffff) != 0x33) {
																					L53:
																					__ecx =  *(__ebp + 0xc);
																					__edx =  *__ecx & 0x0000ffff;
																					__eflags = ( *__ecx & 0x0000ffff) - 0x64;
																					if(( *__ecx & 0x0000ffff) == 0x64) {
																						L59:
																						L61:
																						goto L64;
																					}
																					L54:
																					__eax =  *(__ebp + 0xc);
																					__ecx =  *( *(__ebp + 0xc)) & 0x0000ffff;
																					__eflags = __ecx - 0x69;
																					if(__ecx == 0x69) {
																						goto L59;
																					}
																					L55:
																					__edx =  *(__ebp + 0xc);
																					__eax =  *( *(__ebp + 0xc)) & 0x0000ffff;
																					__eflags = ( *( *(__ebp + 0xc)) & 0x0000ffff) - 0x6f;
																					if(( *( *(__ebp + 0xc)) & 0x0000ffff) == 0x6f) {
																						goto L59;
																					}
																					L56:
																					__ecx =  *(__ebp + 0xc);
																					__edx =  *__ecx & 0x0000ffff;
																					__eflags = ( *__ecx & 0x0000ffff) - 0x75;
																					if(( *__ecx & 0x0000ffff) == 0x75) {
																						goto L59;
																					}
																					L57:
																					__eax =  *(__ebp + 0xc);
																					__ecx =  *( *(__ebp + 0xc)) & 0x0000ffff;
																					__eflags = __ecx - 0x78;
																					if(__ecx == 0x78) {
																						goto L59;
																					}
																					L58:
																					__edx =  *(__ebp + 0xc);
																					__eax =  *( *(__ebp + 0xc)) & 0x0000ffff;
																					__eflags = ( *( *(__ebp + 0xc)) & 0x0000ffff) - 0x58;
																					if(( *( *(__ebp + 0xc)) & 0x0000ffff) != 0x58) {
																						 *(__ebp - 0x45c) = 0;
																						goto L18;
																					}
																					goto L59;
																				}
																				L51:
																				__eax =  *(__ebp + 0xc);
																				__ecx =  *( *(__ebp + 0xc) + 2) & 0x0000ffff;
																				__eflags = __ecx - 0x32;
																				if(__ecx != 0x32) {
																					goto L53;
																				} else {
																					 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
																					 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
																					 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0xffff7fff;
																					 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0xffff7fff;
																					goto L61;
																				}
																			}
																			L48:
																			__eax =  *(__ebp + 0xc);
																			__ecx =  *( *(__ebp + 0xc) + 2) & 0x0000ffff;
																			__eflags = __ecx - 0x34;
																			if(__ecx != 0x34) {
																				goto L50;
																			} else {
																				 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
																				 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
																				 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00008000;
																				 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00008000;
																				goto L61;
																			}
																		case 1:
																			L62:
																			__ecx =  *(__ebp - 0x10);
																			__ecx =  *(__ebp - 0x10) | 0x00000020;
																			 *(__ebp - 0x10) = __ecx;
																			goto L64;
																		case 2:
																			L43:
																			__edx =  *(__ebp + 0xc);
																			__eax =  *( *(__ebp + 0xc)) & 0x0000ffff;
																			__eflags = ( *( *(__ebp + 0xc)) & 0x0000ffff) - 0x6c;
																			if(( *( *(__ebp + 0xc)) & 0x0000ffff) != 0x6c) {
																				__eax =  *(__ebp - 0x10);
																				__eax =  *(__ebp - 0x10) | 0x00000010;
																				__eflags = __eax;
																				 *(__ebp - 0x10) = __eax;
																			} else {
																				__ecx =  *(__ebp + 0xc);
																				__ecx =  *(__ebp + 0xc) + 2;
																				 *(__ebp + 0xc) = __ecx;
																				 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00001000;
																				 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00001000;
																			}
																			goto L64;
																		case 3:
																			L63:
																			__edx =  *(__ebp - 0x10);
																			__edx =  *(__ebp - 0x10) | 0x00000800;
																			__eflags = __edx;
																			 *(__ebp - 0x10) = __edx;
																			goto L64;
																		case 4:
																			goto L64;
																	}
																case 7:
																	L65:
																	__eax =  *(__ebp - 0x454) & 0x0000ffff;
																	 *(__ebp - 0x4ec) =  *(__ebp - 0x454) & 0x0000ffff;
																	__ecx =  *(__ebp - 0x4ec);
																	__ecx =  *(__ebp - 0x4ec) - 0x41;
																	 *(__ebp - 0x4ec) = __ecx;
																	__eflags =  *(__ebp - 0x4ec) - 0x37;
																	if( *(__ebp - 0x4ec) > 0x37) {
																		while(1) {
																			L187:
																			__eflags =  *(__ebp - 0x28);
																			if( *(__ebp - 0x28) != 0) {
																				goto L212;
																			}
																			goto L188;
																		}
																	}
																	L66:
																	_t141 =  *(__ebp - 0x4ec) + 0x423f50; // 0xcccccc0d
																	__eax =  *_t141 & 0x000000ff;
																	switch( *((intOrPtr*)(( *_t141 & 0x000000ff) * 4 +  &M00423F14))) {
																		case 0:
																			L120:
																			 *(__ebp - 0x2c) = 1;
																			 *(__ebp - 0x454) & 0x0000ffff = ( *(__ebp - 0x454) & 0x0000ffff) + 0x20;
																			__eflags = ( *(__ebp - 0x454) & 0x0000ffff) + 0x20;
																			 *(__ebp - 0x454) = __ax;
																			goto L121;
																		case 1:
																			L67:
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000830;
																			__eflags =  *(__ebp - 0x10) & 0x00000830;
																			if(( *(__ebp - 0x10) & 0x00000830) == 0) {
																				__edx =  *(__ebp - 0x10);
																				__edx =  *(__ebp - 0x10) | 0x00000020;
																				__eflags = __edx;
																				 *(__ebp - 0x10) = __edx;
																			}
																			goto L69;
																		case 2:
																			L82:
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000830;
																			__eflags =  *(__ebp - 0x10) & 0x00000830;
																			if(( *(__ebp - 0x10) & 0x00000830) == 0) {
																				__ecx =  *(__ebp - 0x10);
																				__ecx =  *(__ebp - 0x10) | 0x00000020;
																				__eflags = __ecx;
																				 *(__ebp - 0x10) = __ecx;
																			}
																			goto L84;
																		case 3:
																			L143:
																			 *(__ebp - 0x460) = 7;
																			goto L145;
																		case 4:
																			L75:
																			__eax = __ebp + 0x14;
																			 *(__ebp - 0x474) = E0041C290(__ebp + 0x14);
																			__eflags =  *(__ebp - 0x474);
																			if( *(__ebp - 0x474) == 0) {
																				L77:
																				__edx =  *0x60b4f0; // 0x407424
																				 *(__ebp - 4) = __edx;
																				__eax =  *(__ebp - 4);
																				 *(__ebp - 0x24) = E0040DC40( *(__ebp - 4));
																				L81:
																				goto L187;
																			}
																			L76:
																			__ecx =  *(__ebp - 0x474);
																			__eflags =  *(__ecx + 4);
																			if( *(__ecx + 4) != 0) {
																				 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000800;
																				__eflags =  *(__ebp - 0x10) & 0x00000800;
																				if(( *(__ebp - 0x10) & 0x00000800) == 0) {
																					 *(__ebp - 0xc) = 0;
																					__edx =  *(__ebp - 0x474);
																					__eax =  *(__edx + 4);
																					 *(__ebp - 4) =  *(__edx + 4);
																					__ecx =  *(__ebp - 0x474);
																					__edx =  *__ecx;
																					 *(__ebp - 0x24) =  *__ecx;
																				} else {
																					__edx =  *(__ebp - 0x474);
																					__eax =  *(__edx + 4);
																					 *(__ebp - 4) =  *(__edx + 4);
																					__ecx =  *(__ebp - 0x474);
																					__eax =  *__ecx;
																					asm("cdq");
																					 *__ecx - __edx =  *__ecx - __edx >> 1;
																					 *(__ebp - 0x24) =  *__ecx - __edx >> 1;
																					 *(__ebp - 0xc) = 1;
																				}
																				goto L81;
																			}
																			goto L77;
																		case 5:
																			L121:
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000040;
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000040;
																			__edx = __ebp - 0x448;
																			 *(__ebp - 4) = __ebp - 0x448;
																			 *(__ebp - 0x44) = 0x200;
																			__eflags =  *(__ebp - 0x30);
																			if( *(__ebp - 0x30) >= 0) {
																				L123:
																				__eflags =  *(__ebp - 0x30);
																				if( *(__ebp - 0x30) != 0) {
																					L126:
																					__eflags =  *(__ebp - 0x30) - 0x200;
																					if( *(__ebp - 0x30) > 0x200) {
																						 *(__ebp - 0x30) = 0x200;
																					}
																					L128:
																					__eflags =  *(__ebp - 0x30) - 0xa3;
																					if( *(__ebp - 0x30) > 0xa3) {
																						__ecx =  *(__ebp - 0x30);
																						__ecx =  *(__ebp - 0x30) + 0x15d;
																						 *(__ebp - 0x20) = L0040B5C0( *(__ebp - 0x30) + 0x15d,  *(__ebp - 0x30) + 0x15d, 2, "f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c", 0x6da);
																						__eflags =  *(__ebp - 0x20);
																						if( *(__ebp - 0x20) == 0) {
																							 *(__ebp - 0x30) = 0xa3;
																						} else {
																							__edx =  *(__ebp - 0x20);
																							 *(__ebp - 4) =  *(__ebp - 0x20);
																							 *(__ebp - 0x30) =  *(__ebp - 0x30) + 0x15d;
																							 *(__ebp - 0x44) =  *(__ebp - 0x30) + 0x15d;
																						}
																					}
																					 *(__ebp + 0x14) =  *(__ebp + 0x14) + 8;
																					 *(__ebp + 0x14) =  *(__ebp + 0x14) + 8;
																					__edx =  *(__ebp + 0x14);
																					__eax =  *(__edx - 8);
																					__ecx =  *(__edx - 4);
																					 *(__ebp - 0x490) =  *(__edx - 8);
																					 *(__ebp - 0x48c) =  *(__edx - 4);
																					__ecx = __ebp - 0x40;
																					_push(E0040D3B0(__ebp - 0x40));
																					__edx =  *(__ebp - 0x2c);
																					_push( *(__ebp - 0x2c));
																					__eax =  *(__ebp - 0x30);
																					_push( *(__ebp - 0x30));
																					__ecx =  *(__ebp - 0x454);
																					_push( *(__ebp - 0x454));
																					__edx =  *(__ebp - 0x44);
																					_push( *(__ebp - 0x44));
																					__eax =  *(__ebp - 4);
																					_push( *(__ebp - 4));
																					__ecx = __ebp - 0x490;
																					_push(__ebp - 0x490);
																					__edx =  *0x60b3cc; // 0x7e8c4bdb
																					E00410200(__edx) =  *__eax();
																					__esp = __esp + 0x1c;
																					 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000080;
																					__eflags =  *(__ebp - 0x10) & 0x00000080;
																					if(( *(__ebp - 0x10) & 0x00000080) != 0) {
																						__eflags =  *(__ebp - 0x30);
																						if( *(__ebp - 0x30) == 0) {
																							__ecx = __ebp - 0x40;
																							_push(E0040D3B0(__ebp - 0x40));
																							__ecx =  *(__ebp - 4);
																							_push( *(__ebp - 4));
																							__edx =  *0x60b3d8; // 0x7e8c4bdb
																							E00410200(__edx) =  *__eax();
																							__esp = __esp + 8;
																						}
																					}
																					__eax =  *(__ebp - 0x454) & 0x0000ffff;
																					__eflags = ( *(__ebp - 0x454) & 0x0000ffff) - 0x67;
																					if(( *(__ebp - 0x454) & 0x0000ffff) == 0x67) {
																						 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000080;
																						__eflags =  *(__ebp - 0x10) & 0x00000080;
																						if(( *(__ebp - 0x10) & 0x00000080) == 0) {
																							__ecx = __ebp - 0x40;
																							_push(E0040D3B0(__ebp - 0x40));
																							__edx =  *(__ebp - 4);
																							_push( *(__ebp - 4));
																							__eax =  *0x60b3d4; // 0x7e8c4bdb
																							__eax =  *__eax();
																							__esp = __esp + 8;
																						}
																					}
																					__ecx =  *(__ebp - 4);
																					__edx =  *( *(__ebp - 4));
																					__eflags =  *( *(__ebp - 4)) - 0x2d;
																					if( *( *(__ebp - 4)) == 0x2d) {
																						 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000100;
																						 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000100;
																						__ecx =  *(__ebp - 4);
																						__ecx =  *(__ebp - 4) + 1;
																						__eflags = __ecx;
																						 *(__ebp - 4) = __ecx;
																					}
																					__edx =  *(__ebp - 4);
																					 *(__ebp - 0x24) = E0040DC40( *(__ebp - 4));
																					do {
																						L187:
																						__eflags =  *(__ebp - 0x28);
																						if( *(__ebp - 0x28) != 0) {
																							goto L212;
																						}
																						goto L188;
																					} while ( *(__ebp - 0x4ec) > 0x37);
																					goto L66;
																				}
																				L124:
																				__eax =  *(__ebp - 0x454) & 0x0000ffff;
																				__eflags = ( *(__ebp - 0x454) & 0x0000ffff) - 0x67;
																				if(( *(__ebp - 0x454) & 0x0000ffff) != 0x67) {
																					goto L126;
																				}
																				L125:
																				 *(__ebp - 0x30) = 1;
																				goto L128;
																			}
																			L122:
																			 *(__ebp - 0x30) = 6;
																			goto L128;
																		case 6:
																			L69:
																			 *(__ebp - 0xc) = 1;
																			__ebp + 0x14 = E0041C290(__ebp + 0x14);
																			 *(__ebp - 0x458) = __ax;
																			__ecx =  *(__ebp - 0x10);
																			__ecx =  *(__ebp - 0x10) & 0x00000020;
																			__eflags = __ecx;
																			if(__ecx == 0) {
																				__cx =  *(__ebp - 0x458);
																				 *(__ebp - 0x448) = __cx;
																			} else {
																				 *(__ebp - 0x458) & 0x0000ffff =  *(__ebp - 0x458) & 0xff;
																				 *(__ebp - 0x470) = __dl;
																				 *((char*)(__ebp - 0x46f)) = 0;
																				__ecx = __ebp - 0x40;
																				__eax = E0040D3B0(__ebp - 0x40);
																				__ecx = __ebp - 0x40;
																				E0040D3B0(__ebp - 0x40) =  *__eax;
																				__ecx =  *(__ebp - 0x448 + 0xac);
																				__edx = __ebp - 0x470;
																				__eax = __ebp - 0x448;
																				__eax = E00419150(__ebp - 0x448, __ebp - 0x470,  *(__ebp - 0x448 + 0xac), __ebp - 0x448);
																				__eflags = __eax;
																				if(__eax < 0) {
																					 *(__ebp - 0x28) = 1;
																				}
																			}
																			__edx = __ebp - 0x448;
																			 *(__ebp - 4) = __ebp - 0x448;
																			 *(__ebp - 0x24) = 1;
																			while(1) {
																				L187:
																				__eflags =  *(__ebp - 0x28);
																				if( *(__ebp - 0x28) != 0) {
																					goto L212;
																				}
																				goto L188;
																			}
																		case 7:
																			L141:
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000040;
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000040;
																			 *(__ebp - 8) = 0xa;
																			goto L150;
																		case 8:
																			L106:
																			__eax = __ebp + 0x14;
																			 *(__ebp - 0x484) = E0041C290(__ebp + 0x14);
																			__eax = E00420F80();
																			__eflags = __eax;
																			if(__eax != 0) {
																				L116:
																				__ecx =  *(__ebp - 0x10);
																				__ecx =  *(__ebp - 0x10) & 0x00000020;
																				__eflags = __ecx;
																				if(__ecx == 0) {
																					__ecx =  *(__ebp - 0x484);
																					__edx =  *(__ebp - 0x44c);
																					 *__ecx =  *(__ebp - 0x44c);
																				} else {
																					__edx =  *(__ebp - 0x484);
																					__ax =  *(__ebp - 0x44c);
																					 *( *(__ebp - 0x484)) = __ax;
																				}
																				 *(__ebp - 0x28) = 1;
																				while(1) {
																					L187:
																					__eflags =  *(__ebp - 0x28);
																					if( *(__ebp - 0x28) != 0) {
																						goto L212;
																					}
																					goto L188;
																				}
																			}
																			L107:
																			__ecx = 0;
																			__eflags = 0;
																			if(0 == 0) {
																				 *(__ebp - 0x4f4) = 0;
																			} else {
																				 *(__ebp - 0x4f4) = 1;
																			}
																			__edx =  *(__ebp - 0x4f4);
																			 *(__ebp - 0x488) =  *(__ebp - 0x4f4);
																			__eflags =  *(__ebp - 0x488);
																			if( *(__ebp - 0x488) == 0) {
																				_push(L"(\"\'n\' format specifier disabled\", 0)");
																				_push(0);
																				_push(0x695);
																				_push(L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c");
																				_push(2);
																				__eax = L0040E1A0();
																				__esp = __esp + 0x14;
																				__eflags = __eax - 1;
																				if(__eax == 1) {
																					asm("int3");
																				}
																			}
																			__eflags =  *(__ebp - 0x488);
																			if( *(__ebp - 0x488) != 0) {
																				L115:
																				while(1) {
																					L187:
																					__eflags =  *(__ebp - 0x28);
																					if( *(__ebp - 0x28) != 0) {
																						goto L212;
																					}
																					goto L188;
																				}
																			} else {
																				L114:
																				 *((intOrPtr*)(L0040EC70(__ecx))) = 0x16;
																				__eax = E00411A50(__ebx, __ecx, __edi, __esi, L"(\"\'n\' format specifier disabled\", 0)", L"_woutput_s_l", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c", 0x695, 0);
																				 *(__ebp - 0x4cc) = 0xffffffff;
																				__ecx = __ebp - 0x40;
																				__eax = E0040D380(__ecx);
																				__eax =  *(__ebp - 0x4cc);
																				goto L225;
																			}
																		case 9:
																			L148:
																			 *(__ebp - 8) = 8;
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000080;
																			__eflags =  *(__ebp - 0x10) & 0x00000080;
																			if(( *(__ebp - 0x10) & 0x00000080) != 0) {
																				__edx =  *(__ebp - 0x10);
																				__edx =  *(__ebp - 0x10) | 0x00000200;
																				__eflags = __edx;
																				 *(__ebp - 0x10) = __edx;
																			}
																			L150:
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00008000;
																			__eflags =  *(__ebp - 0x10) & 0x00008000;
																			if(( *(__ebp - 0x10) & 0x00008000) == 0) {
																				 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00001000;
																				__eflags =  *(__ebp - 0x10) & 0x00001000;
																				if(( *(__ebp - 0x10) & 0x00001000) == 0) {
																					 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000020;
																					__eflags =  *(__ebp - 0x10) & 0x00000020;
																					if(( *(__ebp - 0x10) & 0x00000020) == 0) {
																						 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000040;
																						__eflags =  *(__ebp - 0x10) & 0x00000040;
																						if(( *(__ebp - 0x10) & 0x00000040) == 0) {
																							__ecx = __ebp + 0x14;
																							__eax = E0041C290(__ebp + 0x14);
																							__edx = 0;
																							__eflags = 0;
																							 *(__ebp - 0x4a0) = __eax;
																							 *(__ebp - 0x49c) = 0;
																						} else {
																							__eax = __ebp + 0x14;
																							__eax = E0041C290(__ebp + 0x14);
																							asm("cdq");
																							 *(__ebp - 0x4a0) = __eax;
																							 *(__ebp - 0x49c) = __edx;
																						}
																					} else {
																						 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000040;
																						__eflags =  *(__ebp - 0x10) & 0x00000040;
																						if(( *(__ebp - 0x10) & 0x00000040) == 0) {
																							__ecx = __ebp + 0x14;
																							E0041C290(__ebp + 0x14) = __ax & 0x0000ffff;
																							asm("cdq");
																							 *(__ebp - 0x4a0) = __ax & 0x0000ffff;
																							 *(__ebp - 0x49c) = __edx;
																						} else {
																							__eax = __ebp + 0x14;
																							__eax = E0041C290(__ebp + 0x14);
																							__ax = __eax;
																							asm("cdq");
																							 *(__ebp - 0x4a0) = __eax;
																							 *(__ebp - 0x49c) = __edx;
																						}
																					}
																				} else {
																					__eax = __ebp + 0x14;
																					 *(__ebp - 0x4a0) = E0041C2B0(__ebp + 0x14);
																					 *(__ebp - 0x49c) = __edx;
																				}
																			} else {
																				__ecx = __ebp + 0x14;
																				 *(__ebp - 0x4a0) = E0041C2B0(__ebp + 0x14);
																				 *(__ebp - 0x49c) = __edx;
																			}
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000040;
																			__eflags =  *(__ebp - 0x10) & 0x00000040;
																			if(( *(__ebp - 0x10) & 0x00000040) == 0) {
																				goto L167;
																			}
																		case 0xa:
																			goto L0;
																		case 0xb:
																			L84:
																			__eflags =  *(__ebp - 0x30) - 0xffffffff;
																			if( *(__ebp - 0x30) != 0xffffffff) {
																				__edx =  *(__ebp - 0x30);
																				 *(__ebp - 0x4f0) =  *(__ebp - 0x30);
																			} else {
																				 *(__ebp - 0x4f0) = 0x7fffffff;
																			}
																			__eax =  *(__ebp - 0x4f0);
																			 *(__ebp - 0x47c) =  *(__ebp - 0x4f0);
																			__ecx = __ebp + 0x14;
																			 *(__ebp - 4) = E0041C290(__ebp + 0x14);
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000020;
																			__eflags =  *(__ebp - 0x10) & 0x00000020;
																			if(( *(__ebp - 0x10) & 0x00000020) == 0) {
																				L98:
																				__eflags =  *(__ebp - 4);
																				if( *(__ebp - 4) == 0) {
																					__ecx =  *0x60b4f4; // 0x407414
																					 *(__ebp - 4) = __ecx;
																				}
																				 *(__ebp - 0xc) = 1;
																				__edx =  *(__ebp - 4);
																				 *(__ebp - 0x480) =  *(__ebp - 4);
																				while(1) {
																					L101:
																					__eax =  *(__ebp - 0x47c);
																					__ecx =  *(__ebp - 0x47c);
																					__ecx =  *(__ebp - 0x47c) - 1;
																					 *(__ebp - 0x47c) = __ecx;
																					__eflags =  *(__ebp - 0x47c);
																					if( *(__ebp - 0x47c) == 0) {
																						break;
																					}
																					L102:
																					__edx =  *(__ebp - 0x480);
																					__eax =  *( *(__ebp - 0x480)) & 0x0000ffff;
																					__eflags =  *( *(__ebp - 0x480)) & 0x0000ffff;
																					if(( *( *(__ebp - 0x480)) & 0x0000ffff) == 0) {
																						break;
																					}
																					L103:
																					 *(__ebp - 0x480) =  *(__ebp - 0x480) + 2;
																					 *(__ebp - 0x480) =  *(__ebp - 0x480) + 2;
																				}
																				L104:
																				__edx =  *(__ebp - 0x480);
																				__edx =  *(__ebp - 0x480) -  *(__ebp - 4);
																				__eflags = __edx;
																				 *(__ebp - 0x24) = __edx;
																				goto L105;
																			} else {
																				L88:
																				__eflags =  *(__ebp - 4);
																				if( *(__ebp - 4) == 0) {
																					__eax =  *0x60b4f0; // 0x407424
																					 *(__ebp - 4) = __eax;
																				}
																				__ecx =  *(__ebp - 4);
																				 *(__ebp - 0x478) = __ecx;
																				 *(__ebp - 0x24) = 0;
																				while(1) {
																					L92:
																					__eax =  *(__ebp - 0x24);
																					__eflags =  *(__ebp - 0x24) -  *(__ebp - 0x47c);
																					if( *(__ebp - 0x24) >=  *(__ebp - 0x47c)) {
																						break;
																					}
																					L93:
																					__ecx =  *(__ebp - 0x478);
																					__edx =  *__ecx;
																					__eflags =  *__ecx;
																					if( *__ecx == 0) {
																						break;
																					}
																					L94:
																					__ecx = __ebp - 0x40;
																					E0040D3B0(__ebp - 0x40) =  *(__ebp - 0x478);
																					__ecx =  *( *(__ebp - 0x478)) & 0x000000ff;
																					__eax = E00419390( *( *(__ebp - 0x478)) & 0x000000ff,  *(__ebp - 0x478));
																					__eflags = __eax;
																					if(__eax != 0) {
																						__edx =  *(__ebp - 0x478);
																						__edx =  *(__ebp - 0x478) + 1;
																						__eflags = __edx;
																						 *(__ebp - 0x478) = __edx;
																					}
																					 *(__ebp - 0x478) =  *(__ebp - 0x478) + 1;
																					 *(__ebp - 0x478) =  *(__ebp - 0x478) + 1;
																					__edx =  *(__ebp - 0x24);
																					__edx =  *(__ebp - 0x24) + 1;
																					__eflags = __edx;
																					 *(__ebp - 0x24) = __edx;
																				}
																				L97:
																				L105:
																				while(1) {
																					L187:
																					__eflags =  *(__ebp - 0x28);
																					if( *(__ebp - 0x28) != 0) {
																						goto L212;
																					}
																					goto L188;
																				}
																			}
																		case 0xc:
																			L142:
																			 *(__ebp - 8) = 0xa;
																			while(1) {
																				L150:
																				 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00008000;
																				__eflags =  *(__ebp - 0x10) & 0x00008000;
																				if(( *(__ebp - 0x10) & 0x00008000) == 0) {
																					 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00001000;
																					__eflags =  *(__ebp - 0x10) & 0x00001000;
																					if(( *(__ebp - 0x10) & 0x00001000) == 0) {
																						 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000020;
																						__eflags =  *(__ebp - 0x10) & 0x00000020;
																						if(( *(__ebp - 0x10) & 0x00000020) == 0) {
																							 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000040;
																							__eflags =  *(__ebp - 0x10) & 0x00000040;
																							if(( *(__ebp - 0x10) & 0x00000040) == 0) {
																								__ecx = __ebp + 0x14;
																								__eax = E0041C290(__ebp + 0x14);
																								__edx = 0;
																								__eflags = 0;
																								 *(__ebp - 0x4a0) = __eax;
																								 *(__ebp - 0x49c) = 0;
																							} else {
																								__eax = __ebp + 0x14;
																								__eax = E0041C290(__ebp + 0x14);
																								asm("cdq");
																								 *(__ebp - 0x4a0) = __eax;
																								 *(__ebp - 0x49c) = __edx;
																							}
																						} else {
																							 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000040;
																							__eflags =  *(__ebp - 0x10) & 0x00000040;
																							if(( *(__ebp - 0x10) & 0x00000040) == 0) {
																								__ecx = __ebp + 0x14;
																								E0041C290(__ebp + 0x14) = __ax & 0x0000ffff;
																								asm("cdq");
																								 *(__ebp - 0x4a0) = __ax & 0x0000ffff;
																								 *(__ebp - 0x49c) = __edx;
																							} else {
																								__eax = __ebp + 0x14;
																								__eax = E0041C290(__ebp + 0x14);
																								__ax = __eax;
																								asm("cdq");
																								 *(__ebp - 0x4a0) = __eax;
																								 *(__ebp - 0x49c) = __edx;
																							}
																						}
																					} else {
																						__eax = __ebp + 0x14;
																						 *(__ebp - 0x4a0) = E0041C2B0(__ebp + 0x14);
																						 *(__ebp - 0x49c) = __edx;
																					}
																				} else {
																					__ecx = __ebp + 0x14;
																					 *(__ebp - 0x4a0) = E0041C2B0(__ebp + 0x14);
																					 *(__ebp - 0x49c) = __edx;
																				}
																				 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000040;
																				__eflags =  *(__ebp - 0x10) & 0x00000040;
																				if(( *(__ebp - 0x10) & 0x00000040) == 0) {
																					goto L167;
																				}
																				goto L163;
																			}
																		case 0xd:
																			L144:
																			 *(__ebp - 0x460) = 0x27;
																			L145:
																			 *(__ebp - 8) = 0x10;
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000080;
																			__eflags =  *(__ebp - 0x10) & 0x00000080;
																			if(( *(__ebp - 0x10) & 0x00000080) != 0) {
																				__edx = 0x30;
																				 *(__ebp - 0x14) = __dx;
																				 *(__ebp - 0x460) =  *(__ebp - 0x460) + 0x51;
																				__eflags =  *(__ebp - 0x460) + 0x51;
																				 *(__ebp - 0x12) = __ax;
																				 *(__ebp - 0x1c) = 2;
																			}
																			while(1) {
																				L150:
																				 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00008000;
																				__eflags =  *(__ebp - 0x10) & 0x00008000;
																				if(( *(__ebp - 0x10) & 0x00008000) == 0) {
																					 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00001000;
																					__eflags =  *(__ebp - 0x10) & 0x00001000;
																					if(( *(__ebp - 0x10) & 0x00001000) == 0) {
																						 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000020;
																						__eflags =  *(__ebp - 0x10) & 0x00000020;
																						if(( *(__ebp - 0x10) & 0x00000020) == 0) {
																							 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000040;
																							__eflags =  *(__ebp - 0x10) & 0x00000040;
																							if(( *(__ebp - 0x10) & 0x00000040) == 0) {
																								__ecx = __ebp + 0x14;
																								__eax = E0041C290(__ebp + 0x14);
																								__edx = 0;
																								__eflags = 0;
																								 *(__ebp - 0x4a0) = __eax;
																								 *(__ebp - 0x49c) = 0;
																							} else {
																								__eax = __ebp + 0x14;
																								__eax = E0041C290(__ebp + 0x14);
																								asm("cdq");
																								 *(__ebp - 0x4a0) = __eax;
																								 *(__ebp - 0x49c) = __edx;
																							}
																						} else {
																							 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000040;
																							__eflags =  *(__ebp - 0x10) & 0x00000040;
																							if(( *(__ebp - 0x10) & 0x00000040) == 0) {
																								__ecx = __ebp + 0x14;
																								E0041C290(__ebp + 0x14) = __ax & 0x0000ffff;
																								asm("cdq");
																								 *(__ebp - 0x4a0) = __ax & 0x0000ffff;
																								 *(__ebp - 0x49c) = __edx;
																							} else {
																								__eax = __ebp + 0x14;
																								__eax = E0041C290(__ebp + 0x14);
																								__ax = __eax;
																								asm("cdq");
																								 *(__ebp - 0x4a0) = __eax;
																								 *(__ebp - 0x49c) = __edx;
																							}
																						}
																					} else {
																						__eax = __ebp + 0x14;
																						 *(__ebp - 0x4a0) = E0041C2B0(__ebp + 0x14);
																						 *(__ebp - 0x49c) = __edx;
																					}
																				} else {
																					__ecx = __ebp + 0x14;
																					 *(__ebp - 0x4a0) = E0041C2B0(__ebp + 0x14);
																					 *(__ebp - 0x49c) = __edx;
																				}
																				 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000040;
																				__eflags =  *(__ebp - 0x10) & 0x00000040;
																				if(( *(__ebp - 0x10) & 0x00000040) == 0) {
																					goto L167;
																				}
																				goto L163;
																			}
																		case 0xe:
																			while(1) {
																				L187:
																				__eflags =  *(__ebp - 0x28);
																				if( *(__ebp - 0x28) != 0) {
																					goto L212;
																				}
																				goto L188;
																			}
																	}
																case 8:
																	L24:
																	__ecx =  *(__ebp - 0x10);
																	__ecx =  *(__ebp - 0x10) | 0x00000002;
																	 *(__ebp - 0x10) = __ecx;
																	goto L27;
																case 9:
																	L25:
																	 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000080;
																	 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000080;
																	goto L27;
																case 0xa:
																	L23:
																	 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000001;
																	 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000001;
																	goto L27;
																case 0xb:
																	L22:
																	 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000004;
																	 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000004;
																	goto L27;
																case 0xc:
																	L26:
																	__eax =  *(__ebp - 0x10);
																	__eax =  *(__ebp - 0x10) | 0x00000008;
																	__eflags = __eax;
																	 *(__ebp - 0x10) = __eax;
																	goto L27;
																case 0xd:
																	L27:
																	goto L214;
															}
														} else {
															_t517 = 0;
															if(0 == 0) {
																 *(_t525 - 0x4dc) = 0;
															} else {
																 *(_t525 - 0x4dc) = 1;
															}
															 *(_t525 - 0x46c) =  *(_t525 - 0x4dc);
															if( *(_t525 - 0x46c) == 0) {
																_push(L"(\"Incorrect format specifier\", 0)");
																_push(0);
																_push(0x460);
																_push(L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c");
																_push(2);
																_t498 = L0040E1A0();
																_t527 = _t527 + 0x14;
																if(_t498 == 1) {
																	asm("int3");
																}
															}
															L14:
															if( *(_t525 - 0x46c) != 0) {
																goto L16;
															} else {
																 *((intOrPtr*)(L0040EC70(_t510))) = 0x16;
																E00411A50(_t501, _t510, _t523, _t524, L"(\"Incorrect format specifier\", 0)", L"_woutput_s_l", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c", 0x460, 0);
																 *(_t525 - 0x4c8) = 0xffffffff;
																E0040D380(_t525 - 0x40);
																_t483 =  *(_t525 - 0x4c8);
																L225:
																return E00416CA0(_t483, _t501,  *(_t525 - 0x48) ^ _t525, _t517, _t523, _t524);
															}
														}
													}
													L215:
													__eflags =  *(_t525 - 0x45c);
													if( *(_t525 - 0x45c) == 0) {
														L218:
														 *(_t525 - 0x4f8) = 1;
														L219:
														_t517 =  *(_t525 - 0x4f8);
														 *(_t525 - 0x4bc) =  *(_t525 - 0x4f8);
														__eflags =  *(_t525 - 0x4bc);
														if( *(_t525 - 0x4bc) == 0) {
															_push(L"((state == ST_NORMAL) || (state == ST_TYPE))");
															_push(0);
															_push(0x8f5);
															_push(L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c");
															_push(2);
															_t488 = L0040E1A0();
															_t527 = _t527 + 0x14;
															__eflags = _t488 - 1;
															if(_t488 == 1) {
																asm("int3");
															}
														}
														__eflags =  *(_t525 - 0x4bc);
														if( *(_t525 - 0x4bc) != 0) {
															 *(_t525 - 0x4d4) =  *(_t525 - 0x44c);
															E0040D380(_t525 - 0x40);
															_t483 =  *(_t525 - 0x4d4);
														} else {
															 *((intOrPtr*)(L0040EC70(_t502))) = 0x16;
															E00411A50(_t501, _t502, _t523, _t524, L"((state == ST_NORMAL) || (state == ST_TYPE))", L"_woutput_s_l", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c", 0x8f5, 0);
															 *(_t525 - 0x4d0) = 0xffffffff;
															E0040D380(_t525 - 0x40);
															_t483 =  *(_t525 - 0x4d0);
														}
														goto L225;
													}
													L216:
													__eflags =  *(_t525 - 0x45c) - 7;
													if( *(_t525 - 0x45c) == 7) {
														goto L218;
													}
													L217:
													 *(_t525 - 0x4f8) = 0;
													goto L219;
												}
											}
											L184:
											__eflags =  *(__ebp - 0x24);
											if( *(__ebp - 0x24) == 0) {
												L186:
												 *(__ebp - 4) =  *(__ebp - 4) - 1;
												 *(__ebp - 4) =  *(__ebp - 4) - 1;
												__eax =  *(__ebp - 4);
												 *( *(__ebp - 4)) = 0x30;
												__ecx =  *(__ebp - 0x24);
												__ecx =  *(__ebp - 0x24) + 1;
												__eflags = __ecx;
												 *(__ebp - 0x24) = __ecx;
												goto L187;
											}
											L185:
											__eax =  *(__ebp - 4);
											__ecx =  *( *(__ebp - 4));
											__eflags = __ecx - 0x30;
											if(__ecx == 0x30) {
												goto L187;
											}
											goto L186;
										}
										L180:
										__eax =  *(__ebp - 8);
										asm("cdq");
										__ecx =  *(__ebp - 0x4a4);
										__edx =  *(__ebp - 0x4a8);
										__eax = E0041CE40( *(__ebp - 0x4a8),  *(__ebp - 0x4a4),  *(__ebp - 8),  *(__ebp - 0x4a8));
										 *(__ebp - 0x494) = __eax;
										__eax =  *(__ebp - 8);
										asm("cdq");
										__eax =  *(__ebp - 0x4a4);
										__ecx =  *(__ebp - 0x4a8);
										 *(__ebp - 0x4a8) = E0041CDD0( *(__ebp - 0x4a8),  *(__ebp - 0x4a4),  *(__ebp - 8), __edx);
										 *(__ebp - 0x4a4) = __edx;
										__eflags =  *(__ebp - 0x494) - 0x39;
										if( *(__ebp - 0x494) > 0x39) {
											__edx =  *(__ebp - 0x494);
											__edx =  *(__ebp - 0x494) +  *(__ebp - 0x460);
											__eflags = __edx;
											 *(__ebp - 0x494) = __edx;
										}
										__eax =  *(__ebp - 4);
										 *( *(__ebp - 4)) =  *(__ebp - 0x494);
										 *(__ebp - 4) =  *(__ebp - 4) - 1;
										 *(__ebp - 4) =  *(__ebp - 4) - 1;
										L178:
										__ecx =  *(__ebp - 0x30);
										 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
										 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
										__eflags =  *(__ebp - 0x30);
										if( *(__ebp - 0x30) > 0) {
											goto L180;
										}
										goto L179;
									}
								}
								L165:
								__eflags =  *(__ebp - 0x4a0);
								if( *(__ebp - 0x4a0) >= 0) {
									goto L167;
								}
								goto L166;
								L167:
								__ecx =  *(__ebp - 0x4a0);
								 *(__ebp - 0x4a8) =  *(__ebp - 0x4a0);
								__edx =  *(__ebp - 0x49c);
								 *(__ebp - 0x4a4) =  *(__ebp - 0x49c);
								goto L168;
							}
						}
					}
				}
			}

0x004238b6
0x004238b6
0x004238b6
0x004238b6
0x004238b6
0x004238b6
0x004238b6
0x004238bd
0x004238bd
0x004238bd
0x004238d3
0x004238d3
0x004238d3
0x004238dd
0x004238dd
0x004238e3
0x004238e5
0x004238ea
0x004238f4
0x004238f4
0x004238f7
0x004238fb
0x004238fb
0x00423922
0x00423922
0x00423925
0x00423925
0x0042392a
0x0042394c
0x0042394c
0x00423952
0x00423974
0x00423974
0x00423977
0x004239be
0x004239be
0x004239c1
0x004239de
0x004239e2
0x004239ea
0x004239ea
0x004239ec
0x004239f2
0x004239c3
0x004239c3
0x004239c7
0x004239cf
0x004239d0
0x004239d6
0x004239d6
0x00423979
0x0042397c
0x0042397c
0x0042397f
0x0042399d
0x004239a9
0x004239ac
0x004239ad
0x004239b3
0x00423981
0x00423981
0x00423985
0x0042398d
0x0042398e
0x0042398f
0x00423995
0x00423995
0x004239b9
0x00423954
0x00423954
0x00423960
0x00423966
0x00423966
0x0042392c
0x0042392c
0x00423938
0x0042393e
0x0042393e
0x004239fb
0x004239fb
0x004239fe
0x00000000
0x00000000
0x00423a00
0x00423a00
0x00423a07
0x00000000
0x00000000
0x00423a09
0x00423a09
0x00423a14
0x00423a1a
0x00423a1c
0x00423a22
0x00423a25
0x00423a27
0x00423a2d
0x00423a36
0x00423a3b
0x00423a58
0x00423a5b
0x00423a5b
0x00423a60
0x00423a65
0x00423a65
0x00423a6b
0x00423a6d
0x00423a73
0x00423a79
0x00423a79
0x00423a82
0x00423a82
0x00423a6b
0x00423a88
0x00423a8c
0x00423a9a
0x00423a9d
0x00423aa0
0x00423aa7
0x00423aa9
0x00423aa9
0x00423a8e
0x00423a8e
0x00423a8e
0x00423ab6
0x00423ab6
0x00423abc
0x00423abe
0x00423abe
0x00423ac5
0x00423acb
0x00423ace
0x00423ace
0x00423ace
0x00423ad4
0x00423ad7
0x00423ada
0x00423adc
0x00000000
0x00000000
0x00423ade
0x00423ae4
0x00423ae4
0x00423aea
0x00423b67
0x00423b6d
0x00423b70
0x00423b73
0x00423b76
0x00423b79
0x00423b7f
0x00423b7f
0x00423b85
0x00423bb0
0x00423bb0
0x00423bb0
0x00423bb4
0x00000000
0x00000000
0x00423bba
0x00423bbd
0x00423bbd
0x00423bc0
0x00423bc5
0x00423bc5
0x00423bca
0x00423be1
0x00423be1
0x00423be4
0x00423bfb
0x00423bfb
0x00423bfe
0x00423c00
0x00423c05
0x00423c09
0x00423c09
0x00423be6
0x00423be6
0x00423beb
0x00423bef
0x00423bef
0x00423bcc
0x00423bcc
0x00423bd1
0x00423bd5
0x00423bd5
0x00423bca
0x00423c13
0x00423c16
0x00423c19
0x00423c22
0x00423c22
0x00423c25
0x00423c27
0x00423c2e
0x00423c32
0x00423c3b
0x00423c40
0x00423c43
0x00423c4a
0x00423c4e
0x00423c52
0x00423c5e
0x00423c61
0x00423c61
0x00423c64
0x00423c69
0x00423c69
0x00423c6c
0x00423c6e
0x00423c75
0x00423c79
0x00423c82
0x00423c87
0x00423c6c
0x00423c8a
0x00423c8e
0x00423d48
0x00423d48
0x00423d4f
0x00423d53
0x00423d57
0x00423d5b
0x00000000
0x00423c94
0x00423c94
0x00423c94
0x00423c98
0x00000000
0x00000000
0x00423c9e
0x00423c9e
0x00423ca1
0x00423ca7
0x00423caa
0x00423cb0
0x00423cb0
0x00423cb0
0x00423cbc
0x00423cbf
0x00423cc5
0x00423cc7
0x00000000
0x00000000
0x00423cc9
0x00423cc9
0x00423ccc
0x00423cd2
0x00423cda
0x00423cdc
0x00423ce3
0x00423cea
0x00423cf9
0x00423cff
0x00423d06
0x00423d14
0x00423d14
0x00423d1b
0x00423d27
0x00423d35
0x00423d3b
0x00000000
0x00423d3b
0x00423d08
0x00423d08
0x00000000
0x00423d08
0x00423d46
0x00423d63
0x00423d63
0x00423d6a
0x00423d6f
0x00423d6f
0x00423d72
0x00423d74
0x00423d7b
0x00423d88
0x00423d8d
0x00423d72
0x00423d6a
0x00423d90
0x00423d90
0x00423d94
0x00423d98
0x00423d9c
0x00423da4
0x00423da4
0x00423dab
0x00423dab
0x00422f2b
0x00422f32
0x00422f3f
0x00422f44
0x00000000
0x00422f57
0x00422f61
0x00422f88
0x00422f6f
0x00422f80
0x00422f80
0x00422f61
0x00422f92
0x00422f98
0x00422fa4
0x00422fa7
0x00422fb5
0x00422fb8
0x00422fc5
0x0042306a
0x00423070
0x00423076
0x0042307d
0x00000000
0x00000000
0x00423083
0x00423089
0x00000000
0x00423090
0x00423090
0x004230aa
0x004230af
0x00000000
0x00000000
0x004230b7
0x004230b7
0x004230be
0x004230c1
0x004230c4
0x004230c7
0x004230ca
0x004230cd
0x004230d0
0x004230d7
0x004230de
0x00000000
0x00000000
0x004230ea
0x004230ea
0x004230f1
0x004230fd
0x00423100
0x00423106
0x0042310d
0x00000000
0x00000000
0x0042310f
0x00423115
0x00423115
0x0042311c
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00423160
0x00423160
0x00423167
0x0042316a
0x00423194
0x00423197
0x00423197
0x004231a1
0x004231a1
0x004231a5
0x0042316c
0x0042316c
0x00423178
0x0042317b
0x0042317f
0x00423181
0x00423184
0x00423184
0x00423187
0x0042318a
0x0042318d
0x0042318f
0x0042318f
0x00423192
0x004231a8
0x00000000
0x00000000
0x004231ad
0x004231ad
0x00000000
0x00000000
0x004231b9
0x004231b9
0x004231c0
0x004231c3
0x004231e3
0x004231e6
0x004231e6
0x004231f0
0x004231f0
0x004231f4
0x004231c5
0x004231c5
0x004231d1
0x004231d4
0x004231d8
0x004231da
0x004231da
0x004231e1
0x00000000
0x00000000
0x004231fc
0x004231fc
0x00423203
0x0042320f
0x00423212
0x00423218
0x0042321f
0x00423332
0x00000000
0x00423332
0x00423225
0x0042322b
0x0042322b
0x00423232
0x00000000
0x00423269
0x00423269
0x0042326c
0x0042326f
0x00423272
0x00423299
0x00423299
0x0042329c
0x0042329f
0x004232a2
0x004232c6
0x004232c6
0x004232c9
0x004232cc
0x004232cf
0x00423308
0x00423319
0x00000000
0x00423319
0x004232d1
0x004232d1
0x004232d4
0x004232d7
0x004232da
0x00000000
0x00000000
0x004232dc
0x004232dc
0x004232df
0x004232e2
0x004232e5
0x00000000
0x00000000
0x004232e7
0x004232e7
0x004232ea
0x004232ed
0x004232f0
0x00000000
0x00000000
0x004232f2
0x004232f2
0x004232f5
0x004232f8
0x004232fb
0x00000000
0x00000000
0x004232fd
0x004232fd
0x00423300
0x00423303
0x00423306
0x0042330a
0x00000000
0x0042330a
0x00000000
0x00423306
0x004232a4
0x004232a4
0x004232a7
0x004232ab
0x004232ae
0x00000000
0x004232b0
0x004232b3
0x004232b6
0x004232bc
0x004232c1
0x00000000
0x004232c1
0x004232ae
0x00423274
0x00423274
0x00423277
0x0042327b
0x0042327e
0x00000000
0x00423280
0x00423283
0x00423286
0x0042328c
0x00423291
0x00000000
0x00423291
0x00000000
0x0042331b
0x0042331b
0x0042331e
0x00423321
0x00000000
0x00000000
0x00423239
0x00423239
0x0042323c
0x0042323f
0x00423242
0x0042325b
0x0042325e
0x0042325e
0x00423261
0x00423244
0x00423244
0x00423247
0x0042324a
0x00423250
0x00423256
0x00423256
0x00000000
0x00000000
0x00423326
0x00423326
0x00423329
0x00423329
0x0042332f
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00423337
0x00423337
0x0042333e
0x00423344
0x0042334a
0x0042334d
0x00423353
0x0042335a
0x00423bb0
0x00423bb0
0x00423bb0
0x00423bb4
0x00000000
0x00000000
0x00000000
0x00423bb4
0x00423bb0
0x00423360
0x00423366
0x00423366
0x0042336d
0x00000000
0x004236f1
0x004236f1
0x004236ff
0x004236ff
0x00423702
0x00000000
0x00000000
0x00423374
0x00423377
0x00423377
0x0042337d
0x0042337f
0x00423382
0x00423382
0x00423385
0x00423385
0x00000000
0x00000000
0x004234ba
0x004234bd
0x004234bd
0x004234c2
0x004234c4
0x004234c7
0x004234c7
0x004234ca
0x004234ca
0x00000000
0x00000000
0x004238bd
0x004238bd
0x00000000
0x00000000
0x00423424
0x00423424
0x00423430
0x00423436
0x0042343d
0x0042344b
0x0042344b
0x00423451
0x00423454
0x00423460
0x004234b5
0x00000000
0x004234b5
0x0042343f
0x0042343f
0x00423445
0x00423449
0x00423468
0x00423468
0x0042346e
0x00423496
0x0042349d
0x004234a3
0x004234a6
0x004234a9
0x004234af
0x004234b2
0x00423470
0x00423470
0x00423476
0x00423479
0x0042347c
0x00423482
0x00423485
0x00423488
0x0042348a
0x0042348d
0x0042348d
0x00000000
0x0042346e
0x00000000
0x00000000
0x00423709
0x0042370c
0x0042370f
0x00423712
0x00423718
0x0042371b
0x00423722
0x00423726
0x00423731
0x00423731
0x00423735
0x0042374c
0x0042374c
0x00423753
0x00423755
0x00423755
0x0042375c
0x0042375c
0x00423763
0x00423771
0x00423774
0x00423783
0x00423786
0x0042378a
0x0042379f
0x0042378c
0x0042378c
0x0042378f
0x00423795
0x0042379a
0x0042379a
0x0042378a
0x004237a9
0x004237ac
0x004237af
0x004237b2
0x004237b5
0x004237b8
0x004237be
0x004237c4
0x004237cc
0x004237cd
0x004237d0
0x004237d1
0x004237d4
0x004237d5
0x004237dc
0x004237dd
0x004237e0
0x004237e1
0x004237e4
0x004237e5
0x004237eb
0x004237ec
0x004237fb
0x004237fd
0x00423803
0x00423803
0x00423808
0x0042380a
0x0042380e
0x00423810
0x00423818
0x00423819
0x0042381c
0x0042381d
0x0042382c
0x0042382e
0x0042382e
0x0042380e
0x00423831
0x00423838
0x0042383b
0x00423840
0x00423840
0x00423846
0x00423848
0x00423850
0x00423851
0x00423854
0x00423855
0x00423863
0x00423865
0x00423865
0x00423846
0x00423868
0x0042386b
0x0042386e
0x00423871
0x00423876
0x0042387b
0x0042387e
0x00423881
0x00423881
0x00423884
0x00423884
0x00423887
0x00423893
0x00423bb0
0x00423bb0
0x00423bb0
0x00423bb4
0x00000000
0x00000000
0x00000000
0x00423bb4
0x00000000
0x00423bb0
0x00423737
0x00423737
0x0042373e
0x00423741
0x00000000
0x00000000
0x00423743
0x00423743
0x00000000
0x00423743
0x00423728
0x00423728
0x00000000
0x00000000
0x00423388
0x00423388
0x00423393
0x0042339b
0x004233a2
0x004233a5
0x004233a5
0x004233a8
0x00423401
0x00423408
0x004233aa
0x004233b1
0x004233b7
0x004233bd
0x004233c4
0x004233c7
0x004233cd
0x004233d5
0x004233d7
0x004233de
0x004233e5
0x004233ec
0x004233f4
0x004233f6
0x004233f8
0x004233f8
0x004233ff
0x0042340f
0x00423415
0x00423418
0x00423bb0
0x00423bb0
0x00423bb0
0x00423bb4
0x00000000
0x00000000
0x00000000
0x00423bb4
0x00000000
0x0042389b
0x0042389e
0x004238a1
0x004238a4
0x00000000
0x00000000
0x004235fa
0x004235fa
0x00423606
0x0042360c
0x00423611
0x00423613
0x004236bd
0x004236bd
0x004236c0
0x004236c0
0x004236c3
0x004236d7
0x004236dd
0x004236e3
0x004236c5
0x004236c5
0x004236cb
0x004236d2
0x004236d2
0x004236e5
0x00423bb0
0x00423bb0
0x00423bb0
0x00423bb4
0x00000000
0x00000000
0x00000000
0x00423bb4
0x00423bb0
0x00423619
0x00423619
0x00423619
0x0042361b
0x00423629
0x0042361d
0x0042361d
0x0042361d
0x00423633
0x00423639
0x0042363f
0x00423646
0x00423648
0x0042364d
0x0042364f
0x00423654
0x00423659
0x0042365b
0x00423660
0x00423663
0x00423666
0x00423668
0x00423668
0x00423666
0x00423669
0x00423670
0x004236b8
0x00423bb0
0x00423bb0
0x00423bb0
0x00423bb4
0x00000000
0x00000000
0x00000000
0x00423bb4
0x00423672
0x00423672
0x00423677
0x00423693
0x0042369b
0x004236a5
0x004236a8
0x004236ad
0x00000000
0x004236ad
0x00000000
0x00423904
0x00423904
0x0042390e
0x0042390e
0x00423914
0x00423916
0x00423919
0x00423919
0x0042391f
0x0042391f
0x00423922
0x00423925
0x00423925
0x0042392a
0x0042394c
0x0042394c
0x00423952
0x00423974
0x00423974
0x00423977
0x004239be
0x004239be
0x004239c1
0x004239de
0x004239e2
0x004239ea
0x004239ea
0x004239ec
0x004239f2
0x004239c3
0x004239c3
0x004239c7
0x004239cf
0x004239d0
0x004239d6
0x004239d6
0x00423979
0x0042397c
0x0042397c
0x0042397f
0x0042399d
0x004239a9
0x004239ac
0x004239ad
0x004239b3
0x00423981
0x00423981
0x00423985
0x0042398d
0x0042398e
0x0042398f
0x00423995
0x00423995
0x004239b9
0x00423954
0x00423954
0x00423960
0x00423966
0x00423966
0x0042392c
0x0042392c
0x00423938
0x0042393e
0x0042393e
0x004239fb
0x004239fb
0x004239fe
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004234cd
0x004234cd
0x004234d1
0x004234df
0x004234e2
0x004234d3
0x004234d3
0x004234d3
0x004234e8
0x004234ee
0x004234f4
0x00423500
0x00423506
0x00423506
0x00423509
0x00423591
0x00423591
0x00423595
0x00423597
0x0042359d
0x0042359d
0x004235a0
0x004235a7
0x004235aa
0x004235b0
0x004235b0
0x004235b0
0x004235b6
0x004235bc
0x004235bf
0x004235c5
0x004235c7
0x00000000
0x00000000
0x004235c9
0x004235c9
0x004235cf
0x004235d2
0x004235d4
0x00000000
0x00000000
0x004235d6
0x004235dc
0x004235df
0x004235df
0x004235e7
0x004235e7
0x004235ed
0x004235ed
0x004235f2
0x00000000
0x0042350f
0x0042350f
0x0042350f
0x00423513
0x00423515
0x0042351a
0x0042351a
0x0042351d
0x00423520
0x00423526
0x00423538
0x00423538
0x00423538
0x0042353b
0x00423541
0x00000000
0x00000000
0x00423543
0x00423543
0x00423549
0x0042354c
0x0042354e
0x00000000
0x00000000
0x00423550
0x00423550
0x00423559
0x0042355f
0x00423563
0x0042356b
0x0042356d
0x0042356f
0x00423575
0x00423575
0x00423578
0x00423578
0x00423584
0x00423587
0x0042352f
0x00423532
0x00423532
0x00423535
0x00423535
0x0042358f
0x004235f5
0x00423bb0
0x00423bb0
0x00423bb0
0x00423bb4
0x00000000
0x00000000
0x00000000
0x00423bb4
0x00423bb0
0x00000000
0x004238ad
0x004238ad
0x00423922
0x00423922
0x00423925
0x00423925
0x0042392a
0x0042394c
0x0042394c
0x00423952
0x00423974
0x00423974
0x00423977
0x004239be
0x004239be
0x004239c1
0x004239de
0x004239e2
0x004239ea
0x004239ea
0x004239ec
0x004239f2
0x004239c3
0x004239c3
0x004239c7
0x004239cf
0x004239d0
0x004239d6
0x004239d6
0x00423979
0x0042397c
0x0042397c
0x0042397f
0x0042399d
0x004239a9
0x004239ac
0x004239ad
0x004239b3
0x00423981
0x00423981
0x00423985
0x0042398d
0x0042398e
0x0042398f
0x00423995
0x00423995
0x004239b9
0x00423954
0x00423954
0x00423960
0x00423966
0x00423966
0x0042392c
0x0042392c
0x00423938
0x0042393e
0x0042393e
0x004239fb
0x004239fb
0x004239fe
0x00000000
0x00000000
0x00000000
0x004239fe
0x00000000
0x004238c9
0x004238c9
0x004238d3
0x004238d3
0x004238dd
0x004238dd
0x004238e3
0x004238e5
0x004238ea
0x004238f4
0x004238f4
0x004238f7
0x004238fb
0x004238fb
0x00423922
0x00423922
0x00423925
0x00423925
0x0042392a
0x0042394c
0x0042394c
0x00423952
0x00423974
0x00423974
0x00423977
0x004239be
0x004239be
0x004239c1
0x004239de
0x004239e2
0x004239ea
0x004239ea
0x004239ec
0x004239f2
0x004239c3
0x004239c3
0x004239c7
0x004239cf
0x004239d0
0x004239d6
0x004239d6
0x00423979
0x0042397c
0x0042397c
0x0042397f
0x0042399d
0x004239a9
0x004239ac
0x004239ad
0x004239b3
0x00423981
0x00423981
0x00423985
0x0042398d
0x0042398e
0x0042398f
0x00423995
0x00423995
0x004239b9
0x00423954
0x00423954
0x00423960
0x00423966
0x00423966
0x0042392c
0x0042392c
0x00423938
0x0042393e
0x0042393e
0x004239fb
0x004239fb
0x004239fe
0x00000000
0x00000000
0x00000000
0x004239fe
0x00000000
0x00423bb0
0x00423bb0
0x00423bb0
0x00423bb4
0x00000000
0x00000000
0x00000000
0x00423bb4
0x00000000
0x00000000
0x00423139
0x00423139
0x0042313c
0x0042313f
0x00000000
0x00000000
0x00423144
0x00423147
0x0042314d
0x00000000
0x00000000
0x0042312e
0x00423131
0x00423134
0x00000000
0x00000000
0x00423123
0x00423126
0x00423129
0x00000000
0x00000000
0x00423152
0x00423152
0x00423155
0x00423155
0x00423158
0x00000000
0x00000000
0x0042315b
0x00000000
0x00000000
0x00422fcb
0x00422fcb
0x00422fcd
0x00422fdb
0x00422fcf
0x00422fcf
0x00422fcf
0x00422feb
0x00422ff8
0x00422ffa
0x00422fff
0x00423001
0x00423006
0x0042300b
0x0042300d
0x00423012
0x00423018
0x0042301a
0x0042301a
0x00423018
0x0042301b
0x00423022
0x00000000
0x00423024
0x00423029
0x00423045
0x0042304d
0x0042305a
0x0042305f
0x00423e74
0x00423e81
0x00423e81
0x00423022
0x00422fc5
0x00423db0
0x00423db0
0x00423db7
0x00423dce
0x00423dce
0x00423dd8
0x00423dd8
0x00423dde
0x00423de4
0x00423deb
0x00423ded
0x00423df2
0x00423df4
0x00423df9
0x00423dfe
0x00423e00
0x00423e05
0x00423e08
0x00423e0b
0x00423e0d
0x00423e0d
0x00423e0b
0x00423e0e
0x00423e15
0x00423e60
0x00423e69
0x00423e6e
0x00423e17
0x00423e1c
0x00423e38
0x00423e40
0x00423e4d
0x00423e52
0x00423e52
0x00000000
0x00423e15
0x00423db9
0x00423db9
0x00423dc0
0x00000000
0x00000000
0x00423dc2
0x00423dc2
0x00000000
0x00423dc2
0x00423bb0
0x00423b87
0x00423b87
0x00423b8b
0x00423b98
0x00423b9b
0x00423b9e
0x00423ba1
0x00423ba4
0x00423ba7
0x00423baa
0x00423baa
0x00423bad
0x00000000
0x00423bad
0x00423b8d
0x00423b8d
0x00423b90
0x00423b93
0x00423b96
0x00000000
0x00000000
0x00000000
0x00423b96
0x00423aec
0x00423aec
0x00423aef
0x00423af2
0x00423af9
0x00423b00
0x00423b08
0x00423b0e
0x00423b11
0x00423b14
0x00423b1b
0x00423b27
0x00423b2d
0x00423b33
0x00423b3a
0x00423b3c
0x00423b42
0x00423b42
0x00423b48
0x00423b48
0x00423b4e
0x00423b57
0x00423b5c
0x00423b5f
0x00423ace
0x00423ace
0x00423ad4
0x00423ad7
0x00423ada
0x00423adc
0x00000000
0x00000000
0x00000000
0x00423adc
0x00423ace
0x00423a0b
0x00423a0b
0x00423a12
0x00000000
0x00000000
0x00000000
0x00423a40
0x00423a40
0x00423a46
0x00423a4c
0x00423a52
0x00000000
0x00423a52
0x00423922
0x004238d3
0x004238bd

APIs

_get_int64_arg.LIBCMTD ref: 00423930
__aullrem.LIBCMT ref: 00423B00
__aulldiv.LIBCMT ref: 00423B22

Strings

9, xrefs: 00423B33

Memory Dump Source

Source File: 00000000.00000002.254379313.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.254298173.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.254460883.0000000000427000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255654257.000000000060A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255687103.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255765961.0000000000635000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_mzQcZawXvh.jbxd

Similarity

API ID: __aulldiv__aullrem_get_int64_arg
String ID: 9
API String ID: 3120068967-2366072709
Opcode ID: 80f36c88f3207dc5ac16add0bc50c7bc1b6018536e32127ad29bdd8e33f80b18
Instruction ID: ca625eec5cf81ee750f24a248bbce6e54f1b23b380aee365a15d8d23c67969aa
Opcode Fuzzy Hash: 80f36c88f3207dc5ac16add0bc50c7bc1b6018536e32127ad29bdd8e33f80b18
Instruction Fuzzy Hash: 6C4128B1E101299FDB24CF48D881BAEB7B5FF85315F5040AAE289AB241C7785E81CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0042205C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 100
COMMON

Download Yara Rule

C-Code - Quality: 69%

			E0042205C(intOrPtr __ebx, intOrPtr __edi, intOrPtr __esi) {
				signed int _t496;
				signed int _t518;
				void* _t523;
				signed int _t525;
				void* _t545;
				signed int _t563;
				signed int _t576;
				signed int _t580;
				signed short _t581;
				signed int _t584;
				signed int _t587;
				signed int _t588;
				intOrPtr _t589;
				signed int _t611;
				signed int _t639;
				signed int _t647;
				signed int _t649;
				signed int _t651;
				signed int _t658;
				signed int _t662;
				signed int _t698;
				intOrPtr _t699;
				intOrPtr _t700;
				signed int _t701;
				void* _t703;

				L0:
				while(1) {
					L0:
					_t700 = __esi;
					_t699 = __edi;
					_t589 = __ebx;
					 *(_t701 - 8) = 8;
					if(( *(_t701 - 0x10) & 0x00000080) != 0) {
						__edx =  *(__ebp - 0x10);
						__edx =  *(__ebp - 0x10) | 0x00000200;
						__eflags = __edx;
						 *(__ebp - 0x10) = __edx;
					}
					while(1) {
						L153:
						__eflags =  *(_t701 - 0x10) & 0x00008000;
						if(( *(_t701 - 0x10) & 0x00008000) == 0) {
							_t649 =  *(_t701 - 0x10) & 0x00001000;
							__eflags = _t649;
							if(_t649 == 0) {
								__eflags =  *(_t701 - 0x10) & 0x00000020;
								if(( *(_t701 - 0x10) & 0x00000020) == 0) {
									_t651 =  *(_t701 - 0x10) & 0x00000040;
									__eflags = _t651;
									if(_t651 == 0) {
										_t496 = E0041C290(_t701 + 0x14);
										_t703 = _t703 + 4;
										__eflags = 0;
										 *(_t701 - 0x2b8) = _t496;
										 *(_t701 - 0x2b4) = 0;
									} else {
										_t580 = E0041C290(_t701 + 0x14);
										_t703 = _t703 + 4;
										asm("cdq");
										 *(_t701 - 0x2b8) = _t580;
										 *(_t701 - 0x2b4) = _t651;
									}
								} else {
									_t698 =  *(_t701 - 0x10) & 0x00000040;
									__eflags = _t698;
									if(_t698 == 0) {
										_t581 = E0041C290(_t701 + 0x14);
										_t703 = _t703 + 4;
										asm("cdq");
										 *(_t701 - 0x2b8) = _t581 & 0x0000ffff;
										 *(_t701 - 0x2b4) = _t698;
									} else {
										_t584 = E0041C290(_t701 + 0x14);
										_t703 = _t703 + 4;
										asm("cdq");
										 *(_t701 - 0x2b8) = _t584;
										 *(_t701 - 0x2b4) = _t698;
									}
								}
							} else {
								_t587 = E0041C2B0(_t701 + 0x14);
								_t703 = _t703 + 4;
								 *(_t701 - 0x2b8) = _t587;
								 *(_t701 - 0x2b4) = _t649;
							}
						} else {
							_t588 = E0041C2B0(_t701 + 0x14);
							_t703 = _t703 + 4;
							 *(_t701 - 0x2b8) = _t588;
							 *(_t701 - 0x2b4) = _t647;
						}
						__eflags =  *(_t701 - 0x10) & 0x00000040;
						if(( *(_t701 - 0x10) & 0x00000040) == 0) {
							goto L170;
						}
						L166:
						__eflags =  *(_t701 - 0x2b4);
						if(__eflags > 0) {
							goto L170;
						}
						L167:
						if(__eflags < 0) {
							L169:
							asm("adc edx, 0x0");
							 *(_t701 - 0x2c0) =  ~( *(_t701 - 0x2b8));
							 *(_t701 - 0x2bc) =  ~( *(_t701 - 0x2b4));
							 *(_t701 - 0x10) =  *(_t701 - 0x10) | 0x00000100;
							L171:
							__eflags =  *(_t701 - 0x10) & 0x00008000;
							if(( *(_t701 - 0x10) & 0x00008000) == 0) {
								__eflags =  *(_t701 - 0x10) & 0x00001000;
								if(( *(_t701 - 0x10) & 0x00001000) == 0) {
									_t576 =  *(_t701 - 0x2bc) & 0x00000000;
									__eflags = _t576;
									 *(_t701 - 0x2bc) = _t576;
								}
							}
							__eflags =  *(_t701 - 0x30);
							if( *(_t701 - 0x30) >= 0) {
								 *(_t701 - 0x10) =  *(_t701 - 0x10) & 0xfffffff7;
								__eflags =  *(_t701 - 0x30) - 0x200;
								if( *(_t701 - 0x30) > 0x200) {
									 *(_t701 - 0x30) = 0x200;
								}
							} else {
								 *(_t701 - 0x30) = 1;
							}
							__eflags =  *(_t701 - 0x2c0) |  *(_t701 - 0x2bc);
							if(( *(_t701 - 0x2c0) |  *(_t701 - 0x2bc)) == 0) {
								 *(_t701 - 0x1c) = 0;
							}
							 *((intOrPtr*)(_t701 - 4)) = _t701 - 0x49;
							while(1) {
								L181:
								_t657 =  *(_t701 - 0x30) - 1;
								 *(_t701 - 0x30) =  *(_t701 - 0x30) - 1;
								__eflags =  *(_t701 - 0x30);
								if( *(_t701 - 0x30) > 0) {
									goto L183;
								}
								L182:
								__eflags =  *(_t701 - 0x2c0) |  *(_t701 - 0x2bc);
								if(( *(_t701 - 0x2c0) |  *(_t701 - 0x2bc)) == 0) {
									L186:
									 *(_t701 - 0x24) = _t701 - 0x49 -  *((intOrPtr*)(_t701 - 4));
									 *((intOrPtr*)(_t701 - 4)) =  *((intOrPtr*)(_t701 - 4)) + 1;
									__eflags =  *(_t701 - 0x10) & 0x00000200;
									if(( *(_t701 - 0x10) & 0x00000200) == 0) {
										while(1) {
											L190:
											__eflags =  *(_t701 - 0x28);
											if( *(_t701 - 0x28) != 0) {
												goto L216;
											}
											L191:
											__eflags =  *(_t701 - 0x10) & 0x00000040;
											if(( *(_t701 - 0x10) & 0x00000040) != 0) {
												__eflags =  *(_t701 - 0x10) & 0x00000100;
												if(( *(_t701 - 0x10) & 0x00000100) == 0) {
													__eflags =  *(_t701 - 0x10) & 0x00000001;
													if(( *(_t701 - 0x10) & 0x00000001) == 0) {
														__eflags =  *(_t701 - 0x10) & 0x00000002;
														if(( *(_t701 - 0x10) & 0x00000002) != 0) {
															 *((char*)(_t701 - 0x14)) = 0x20;
															 *(_t701 - 0x1c) = 1;
														}
													} else {
														 *((char*)(_t701 - 0x14)) = 0x2b;
														 *(_t701 - 0x1c) = 1;
													}
												} else {
													 *((char*)(_t701 - 0x14)) = 0x2d;
													 *(_t701 - 0x1c) = 1;
												}
											}
											 *((intOrPtr*)(_t701 - 0x2c4)) =  *((intOrPtr*)(_t701 - 0x18)) -  *(_t701 - 0x24) -  *(_t701 - 0x1c);
											__eflags =  *(_t701 - 0x10) & 0x0000000c;
											if(( *(_t701 - 0x10) & 0x0000000c) == 0) {
												E00422790(0x20,  *((intOrPtr*)(_t701 - 0x2c4)),  *((intOrPtr*)(_t701 + 8)), _t701 - 0x24c);
												_t703 = _t703 + 0x10;
											}
											E004227D0( *(_t701 - 0x1c), _t701 - 0x14,  *(_t701 - 0x1c),  *((intOrPtr*)(_t701 + 8)), _t701 - 0x24c);
											_t703 = _t703 + 0x10;
											__eflags =  *(_t701 - 0x10) & 0x00000008;
											if(( *(_t701 - 0x10) & 0x00000008) != 0) {
												__eflags =  *(_t701 - 0x10) & 0x00000004;
												if(( *(_t701 - 0x10) & 0x00000004) == 0) {
													E00422790(0x30,  *((intOrPtr*)(_t701 - 0x2c4)),  *((intOrPtr*)(_t701 + 8)), _t701 - 0x24c);
													_t703 = _t703 + 0x10;
												}
											}
											__eflags =  *(_t701 - 0xc);
											if( *(_t701 - 0xc) == 0) {
												L212:
												E004227D0( *((intOrPtr*)(_t701 - 4)),  *((intOrPtr*)(_t701 - 4)),  *(_t701 - 0x24),  *((intOrPtr*)(_t701 + 8)), _t701 - 0x24c);
												_t703 = _t703 + 0x10;
												goto L213;
											} else {
												L204:
												__eflags =  *(_t701 - 0x24);
												if( *(_t701 - 0x24) <= 0) {
													goto L212;
												}
												L205:
												 *(_t701 - 0x2dc) = 0;
												 *((intOrPtr*)(_t701 - 0x2c8)) =  *((intOrPtr*)(_t701 - 4));
												 *(_t701 - 0x2cc) =  *(_t701 - 0x24);
												while(1) {
													L206:
													 *(_t701 - 0x2cc) =  *(_t701 - 0x2cc) - 1;
													__eflags =  *(_t701 - 0x2cc);
													if( *(_t701 - 0x2cc) == 0) {
														break;
													}
													L207:
													 *(_t701 - 0x32e) =  *((intOrPtr*)( *((intOrPtr*)(_t701 - 0x2c8))));
													_t563 = E004212A0(_t701 - 0x2d0, _t701 - 0x2d8, 6,  *(_t701 - 0x32e) & 0x0000ffff);
													_t703 = _t703 + 0x10;
													 *(_t701 - 0x2dc) = _t563;
													 *((intOrPtr*)(_t701 - 0x2c8)) =  *((intOrPtr*)(_t701 - 0x2c8)) + 2;
													__eflags =  *(_t701 - 0x2dc);
													if( *(_t701 - 0x2dc) != 0) {
														L209:
														 *(_t701 - 0x24c) = 0xffffffff;
														break;
													}
													L208:
													__eflags =  *(_t701 - 0x2d0);
													if( *(_t701 - 0x2d0) != 0) {
														L210:
														E004227D0( *((intOrPtr*)(_t701 + 8)), _t701 - 0x2d8,  *(_t701 - 0x2d0),  *((intOrPtr*)(_t701 + 8)), _t701 - 0x24c);
														_t703 = _t703 + 0x10;
														continue;
													}
													goto L209;
												}
												L211:
												L213:
												__eflags =  *(_t701 - 0x24c);
												if( *(_t701 - 0x24c) >= 0) {
													__eflags =  *(_t701 - 0x10) & 0x00000004;
													if(( *(_t701 - 0x10) & 0x00000004) != 0) {
														E00422790(0x20,  *((intOrPtr*)(_t701 - 0x2c4)),  *((intOrPtr*)(_t701 + 8)), _t701 - 0x24c);
														_t703 = _t703 + 0x10;
													}
												}
											}
											L216:
											__eflags =  *(_t701 - 0x20);
											if( *(_t701 - 0x20) != 0) {
												L0040C240( *(_t701 - 0x20), 2);
												_t703 = _t703 + 8;
												 *(_t701 - 0x20) = 0;
											}
											while(1) {
												L218:
												 *(_t701 - 0x251) =  *( *(_t701 + 0xc));
												_t665 =  *(_t701 - 0x251);
												 *(_t701 + 0xc) =  *(_t701 + 0xc) + 1;
												if( *(_t701 - 0x251) == 0 ||  *(_t701 - 0x24c) < 0) {
													break;
												} else {
													if( *(_t701 - 0x251) < 0x20 ||  *(_t701 - 0x251) > 0x78) {
														 *(_t701 - 0x310) = 0;
													} else {
														 *(_t701 - 0x310) =  *( *(_t701 - 0x251) + L"pecifier\", 0)") & 0xf;
													}
												}
												L7:
												 *(_t701 - 0x250) =  *(_t701 - 0x310);
												_t525 =  *(_t701 - 0x250) * 9;
												_t611 =  *(_t701 - 0x25c);
												_t665 = ( *(_t525 + _t611 + 0x4083d0) & 0x000000ff) >> 4;
												 *(_t701 - 0x25c) = ( *(_t525 + _t611 + 0x4083d0) & 0x000000ff) >> 4;
												if( *(_t701 - 0x25c) != 8) {
													L16:
													 *(_t701 - 0x318) =  *(_t701 - 0x25c);
													__eflags =  *(_t701 - 0x318) - 7;
													if( *(_t701 - 0x318) > 7) {
														continue;
													}
													L17:
													switch( *((intOrPtr*)( *(_t701 - 0x318) * 4 +  &M004225E0))) {
														case 0:
															L18:
															 *(_t701 - 0xc) = 0;
															_t528 = E00419390( *(_t701 - 0x251) & 0x000000ff, E0040D3B0(_t701 - 0x40));
															_t706 = _t703 + 8;
															__eflags = _t528;
															if(_t528 == 0) {
																L24:
																E004226F0( *(_t701 - 0x251) & 0x000000ff,  *(_t701 - 0x251) & 0x000000ff,  *((intOrPtr*)(_t701 + 8)), _t701 - 0x24c);
																_t703 = _t706 + 0xc;
																goto L218;
															} else {
																E004226F0( *((intOrPtr*)(_t701 + 8)),  *(_t701 - 0x251) & 0x000000ff,  *((intOrPtr*)(_t701 + 8)), _t701 - 0x24c);
																_t706 = _t706 + 0xc;
																_t616 =  *( *(_t701 + 0xc));
																 *(_t701 - 0x251) =  *( *(_t701 + 0xc));
																_t665 =  *(_t701 + 0xc) + 1;
																__eflags = _t665;
																 *(_t701 + 0xc) = _t665;
																asm("sbb eax, eax");
																 *(_t701 - 0x27c) =  ~( ~( *(_t701 - 0x251)));
																if(_t665 == 0) {
																	_push(L"(ch != _T(\'\\0\'))");
																	_push(0);
																	_push(0x486);
																	_push(L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c");
																	_push(2);
																	_t540 = L0040E1A0();
																	_t706 = _t706 + 0x14;
																	__eflags = _t540 - 1;
																	if(_t540 == 1) {
																		asm("int3");
																	}
																}
																L22:
																__eflags =  *(_t701 - 0x27c);
																if( *(_t701 - 0x27c) != 0) {
																	goto L24;
																} else {
																	 *((intOrPtr*)(L0040EC70(_t616))) = 0x16;
																	E00411A50(_t589, _t616, _t699, _t700, L"(ch != _T(\'\\0\'))", L"_output_s_l", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c", 0x486, 0);
																	 *(_t701 - 0x2f4) = 0xffffffff;
																	E0040D380(_t701 - 0x40);
																	_t518 =  *(_t701 - 0x2f4);
																	goto L229;
																}
															}
														case 1:
															L25:
															 *(__ebp - 0x2c) = 0;
															__edx =  *(__ebp - 0x2c);
															 *(__ebp - 0x28) =  *(__ebp - 0x2c);
															__eax =  *(__ebp - 0x28);
															 *(__ebp - 0x18) =  *(__ebp - 0x28);
															__ecx =  *(__ebp - 0x18);
															 *(__ebp - 0x1c) = __ecx;
															 *(__ebp - 0x10) = 0;
															 *(__ebp - 0x30) = 0xffffffff;
															 *(__ebp - 0xc) = 0;
															goto L218;
														case 2:
															L26:
															__edx =  *((char*)(__ebp - 0x251));
															 *(__ebp - 0x31c) =  *((char*)(__ebp - 0x251));
															 *(__ebp - 0x31c) =  *(__ebp - 0x31c) - 0x20;
															 *(__ebp - 0x31c) =  *(__ebp - 0x31c) - 0x20;
															__eflags =  *(__ebp - 0x31c) - 0x10;
															if( *(__ebp - 0x31c) > 0x10) {
																goto L33;
															}
															L27:
															__ecx =  *(__ebp - 0x31c);
															_t73 = __ecx + 0x422618; // 0x498d04
															__edx =  *_t73 & 0x000000ff;
															switch( *((intOrPtr*)(( *_t73 & 0x000000ff) * 4 +  &M00422600))) {
																case 0:
																	goto L30;
																case 1:
																	goto L31;
																case 2:
																	goto L29;
																case 3:
																	goto L28;
																case 4:
																	goto L32;
																case 5:
																	goto L33;
															}
														case 3:
															L34:
															__edx =  *((char*)(__ebp - 0x251));
															__eflags =  *((char*)(__ebp - 0x251)) - 0x2a;
															if( *((char*)(__ebp - 0x251)) != 0x2a) {
																__eax =  *(__ebp - 0x18);
																__eax =  *(__ebp - 0x18) * 0xa;
																__eflags = __eax;
																__ecx =  *((char*)(__ebp - 0x251));
																_t97 = __ecx - 0x30; // -48
																__edx = __eax + _t97;
																 *(__ebp - 0x18) = __eax + _t97;
															} else {
																__eax = __ebp + 0x14;
																 *(__ebp - 0x18) = E0041C290(__ebp + 0x14);
																__eflags =  *(__ebp - 0x18);
																if( *(__ebp - 0x18) < 0) {
																	__ecx =  *(__ebp - 0x10);
																	__ecx =  *(__ebp - 0x10) | 0x00000004;
																	__eflags = __ecx;
																	 *(__ebp - 0x10) = __ecx;
																	 *(__ebp - 0x18) =  ~( *(__ebp - 0x18));
																	 *(__ebp - 0x18) =  ~( *(__ebp - 0x18));
																}
															}
															goto L218;
														case 4:
															L40:
															 *(__ebp - 0x30) = 0;
															goto L218;
														case 5:
															L41:
															__eax =  *((char*)(__ebp - 0x251));
															__eflags =  *((char*)(__ebp - 0x251)) - 0x2a;
															if( *((char*)(__ebp - 0x251)) != 0x2a) {
																__edx =  *(__ebp - 0x30);
																__edx =  *(__ebp - 0x30) * 0xa;
																__eflags = __edx;
																_t108 =  *((char*)(__ebp - 0x251)) - 0x30; // -48
																__ecx = __edx + _t108;
																 *(__ebp - 0x30) = __ecx;
															} else {
																__ecx = __ebp + 0x14;
																 *(__ebp - 0x30) = E0041C290(__ebp + 0x14);
																__eflags =  *(__ebp - 0x30);
																if( *(__ebp - 0x30) < 0) {
																	 *(__ebp - 0x30) = 0xffffffff;
																}
															}
															goto L218;
														case 6:
															L47:
															__edx =  *((char*)(__ebp - 0x251));
															 *(__ebp - 0x320) =  *((char*)(__ebp - 0x251));
															 *(__ebp - 0x320) =  *(__ebp - 0x320) - 0x49;
															 *(__ebp - 0x320) =  *(__ebp - 0x320) - 0x49;
															__eflags =  *(__ebp - 0x320) - 0x2e;
															if( *(__ebp - 0x320) > 0x2e) {
																L70:
																goto L218;
															}
															L48:
															__ecx =  *(__ebp - 0x320);
															_t116 = __ecx + 0x422640; // 0x1e4e9003
															__edx =  *_t116 & 0x000000ff;
															switch( *((intOrPtr*)(( *_t116 & 0x000000ff) * 4 +  &M0042262C))) {
																case 0:
																	L53:
																	__edx =  *(__ebp + 0xc);
																	__eax =  *( *(__ebp + 0xc));
																	__eflags =  *( *(__ebp + 0xc)) - 0x36;
																	if( *( *(__ebp + 0xc)) != 0x36) {
																		L56:
																		__edx =  *(__ebp + 0xc);
																		__eax =  *( *(__ebp + 0xc));
																		__eflags =  *( *(__ebp + 0xc)) - 0x33;
																		if( *( *(__ebp + 0xc)) != 0x33) {
																			L59:
																			__edx =  *(__ebp + 0xc);
																			__eax =  *( *(__ebp + 0xc));
																			__eflags =  *( *(__ebp + 0xc)) - 0x64;
																			if( *( *(__ebp + 0xc)) == 0x64) {
																				L65:
																				L67:
																				goto L70;
																			}
																			L60:
																			__ecx =  *(__ebp + 0xc);
																			__edx =  *__ecx;
																			__eflags =  *__ecx - 0x69;
																			if( *__ecx == 0x69) {
																				goto L65;
																			}
																			L61:
																			__eax =  *(__ebp + 0xc);
																			__ecx =  *( *(__ebp + 0xc));
																			__eflags = __ecx - 0x6f;
																			if(__ecx == 0x6f) {
																				goto L65;
																			}
																			L62:
																			__edx =  *(__ebp + 0xc);
																			__eax =  *( *(__ebp + 0xc));
																			__eflags =  *( *(__ebp + 0xc)) - 0x75;
																			if( *( *(__ebp + 0xc)) == 0x75) {
																				goto L65;
																			}
																			L63:
																			__ecx =  *(__ebp + 0xc);
																			__edx =  *__ecx;
																			__eflags =  *__ecx - 0x78;
																			if( *__ecx == 0x78) {
																				goto L65;
																			}
																			L64:
																			__eax =  *(__ebp + 0xc);
																			__ecx =  *( *(__ebp + 0xc));
																			__eflags = __ecx - 0x58;
																			if(__ecx != 0x58) {
																				 *(__ebp - 0x25c) = 0;
																				goto L18;
																			}
																			goto L65;
																		}
																		L57:
																		__ecx =  *(__ebp + 0xc);
																		__edx =  *((char*)(__ecx + 1));
																		__eflags =  *((char*)(__ecx + 1)) - 0x32;
																		if( *((char*)(__ecx + 1)) != 0x32) {
																			goto L59;
																		} else {
																			 *(__ebp + 0xc) =  *(__ebp + 0xc) + 2;
																			 *(__ebp + 0xc) =  *(__ebp + 0xc) + 2;
																			__ecx =  *(__ebp - 0x10);
																			__ecx =  *(__ebp - 0x10) & 0xffff7fff;
																			 *(__ebp - 0x10) = __ecx;
																			goto L67;
																		}
																	}
																	L54:
																	__ecx =  *(__ebp + 0xc);
																	__edx =  *((char*)(__ecx + 1));
																	__eflags =  *((char*)(__ecx + 1)) - 0x34;
																	if( *((char*)(__ecx + 1)) != 0x34) {
																		goto L56;
																	} else {
																		 *(__ebp + 0xc) =  *(__ebp + 0xc) + 2;
																		 *(__ebp + 0xc) =  *(__ebp + 0xc) + 2;
																		__ecx =  *(__ebp - 0x10);
																		__ecx =  *(__ebp - 0x10) | 0x00008000;
																		 *(__ebp - 0x10) = __ecx;
																		goto L67;
																	}
																case 1:
																	L68:
																	 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000020;
																	 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000020;
																	goto L70;
																case 2:
																	L49:
																	__eax =  *(__ebp + 0xc);
																	__ecx =  *( *(__ebp + 0xc));
																	__eflags = __ecx - 0x6c;
																	if(__ecx != 0x6c) {
																		__ecx =  *(__ebp - 0x10);
																		__ecx =  *(__ebp - 0x10) | 0x00000010;
																		__eflags = __ecx;
																		 *(__ebp - 0x10) = __ecx;
																	} else {
																		 *(__ebp + 0xc) =  *(__ebp + 0xc) + 1;
																		 *(__ebp + 0xc) =  *(__ebp + 0xc) + 1;
																		 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00001000;
																		 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00001000;
																	}
																	goto L70;
																case 3:
																	L69:
																	__eax =  *(__ebp - 0x10);
																	__eax =  *(__ebp - 0x10) | 0x00000800;
																	__eflags = __eax;
																	 *(__ebp - 0x10) = __eax;
																	goto L70;
																case 4:
																	goto L70;
															}
														case 7:
															L71:
															__ecx =  *((char*)(__ebp - 0x251));
															 *(__ebp - 0x324) = __ecx;
															 *(__ebp - 0x324) =  *(__ebp - 0x324) - 0x41;
															 *(__ebp - 0x324) =  *(__ebp - 0x324) - 0x41;
															__eflags =  *(__ebp - 0x324) - 0x37;
															if( *(__ebp - 0x324) > 0x37) {
																while(1) {
																	L190:
																	__eflags =  *(_t701 - 0x28);
																	if( *(_t701 - 0x28) != 0) {
																		goto L216;
																	}
																	goto L191;
																}
															}
															L72:
															_t157 =  *(__ebp - 0x324) + 0x4226ac; // 0xcccccc0d
															__ecx =  *_t157 & 0x000000ff;
															switch( *((intOrPtr*)(__ecx * 4 +  &M00422670))) {
																case 0:
																	L123:
																	 *(__ebp - 0x2c) = 1;
																	__ecx =  *((char*)(__ebp - 0x251));
																	__ecx =  *((char*)(__ebp - 0x251)) + 0x20;
																	__eflags = __ecx;
																	 *((char*)(__ebp - 0x251)) = __cl;
																	goto L124;
																case 1:
																	L73:
																	 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000830;
																	__eflags =  *(__ebp - 0x10) & 0x00000830;
																	if(( *(__ebp - 0x10) & 0x00000830) == 0) {
																		__eax =  *(__ebp - 0x10);
																		__eax =  *(__ebp - 0x10) | 0x00000800;
																		__eflags = __eax;
																		 *(__ebp - 0x10) = __eax;
																	}
																	goto L75;
																case 2:
																	L88:
																	 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000830;
																	__eflags =  *(__ebp - 0x10) & 0x00000830;
																	if(( *(__ebp - 0x10) & 0x00000830) == 0) {
																		__ecx =  *(__ebp - 0x10);
																		__ecx =  *(__ebp - 0x10) | 0x00000800;
																		__eflags = __ecx;
																		 *(__ebp - 0x10) = __ecx;
																	}
																	goto L90;
																case 3:
																	L147:
																	 *(__ebp - 0x260) = 7;
																	goto L149;
																case 4:
																	L81:
																	__eax = __ebp + 0x14;
																	 *(__ebp - 0x288) = E0041C290(__ebp + 0x14);
																	__eflags =  *(__ebp - 0x288);
																	if( *(__ebp - 0x288) == 0) {
																		L83:
																		__edx =  *0x60b4f0; // 0x407424
																		 *(__ebp - 4) = __edx;
																		__eax =  *(__ebp - 4);
																		 *(__ebp - 0x24) = E0040DC40( *(__ebp - 4));
																		L87:
																		goto L190;
																	}
																	L82:
																	__ecx =  *(__ebp - 0x288);
																	__eflags =  *(__ecx + 4);
																	if( *(__ecx + 4) != 0) {
																		L84:
																		 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000800;
																		__eflags =  *(__ebp - 0x10) & 0x00000800;
																		if(( *(__ebp - 0x10) & 0x00000800) == 0) {
																			 *(__ebp - 0xc) = 0;
																			__edx =  *(__ebp - 0x288);
																			__eax =  *(__edx + 4);
																			 *(__ebp - 4) =  *(__edx + 4);
																			__ecx =  *(__ebp - 0x288);
																			__edx =  *__ecx;
																			 *(__ebp - 0x24) =  *__ecx;
																		} else {
																			__edx =  *(__ebp - 0x288);
																			__eax =  *(__edx + 4);
																			 *(__ebp - 4) =  *(__edx + 4);
																			__ecx =  *(__ebp - 0x288);
																			__eax =  *__ecx;
																			asm("cdq");
																			 *__ecx - __edx =  *__ecx - __edx >> 1;
																			 *(__ebp - 0x24) =  *__ecx - __edx >> 1;
																			 *(__ebp - 0xc) = 1;
																		}
																		goto L87;
																	}
																	goto L83;
																case 5:
																	L124:
																	 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000040;
																	 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000040;
																	__eax = __ebp - 0x248;
																	 *(__ebp - 4) = __ebp - 0x248;
																	 *(__ebp - 0x44) = 0x200;
																	__eflags =  *(__ebp - 0x30);
																	if( *(__ebp - 0x30) >= 0) {
																		L126:
																		__eflags =  *(__ebp - 0x30);
																		if( *(__ebp - 0x30) != 0) {
																			L129:
																			__eflags =  *(__ebp - 0x30) - 0x200;
																			if( *(__ebp - 0x30) > 0x200) {
																				 *(__ebp - 0x30) = 0x200;
																			}
																			L131:
																			__eflags =  *(__ebp - 0x30) - 0xa3;
																			if( *(__ebp - 0x30) > 0xa3) {
																				 *(__ebp - 0x30) =  *(__ebp - 0x30) + 0x15d;
																				 *(__ebp - 0x20) = L0040B5C0(__ecx,  *(__ebp - 0x30) + 0x15d, 2, "f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c", 0x6da);
																				__eflags =  *(__ebp - 0x20);
																				if( *(__ebp - 0x20) == 0) {
																					 *(__ebp - 0x30) = 0xa3;
																				} else {
																					__eax =  *(__ebp - 0x20);
																					 *(__ebp - 4) =  *(__ebp - 0x20);
																					 *(__ebp - 0x30) =  *(__ebp - 0x30) + 0x15d;
																					 *(__ebp - 0x44) =  *(__ebp - 0x30) + 0x15d;
																				}
																			}
																			 *(__ebp + 0x14) =  *(__ebp + 0x14) + 8;
																			 *(__ebp + 0x14) =  *(__ebp + 0x14) + 8;
																			__eax =  *(__ebp + 0x14);
																			__ecx =  *(__eax - 8);
																			__edx =  *(__eax - 4);
																			 *(__ebp - 0x2a8) =  *(__eax - 8);
																			 *(__ebp - 0x2a4) =  *(__eax - 4);
																			__ecx = __ebp - 0x40;
																			_push(E0040D3B0(__ebp - 0x40));
																			__eax =  *(__ebp - 0x2c);
																			_push( *(__ebp - 0x2c));
																			__ecx =  *(__ebp - 0x30);
																			_push( *(__ebp - 0x30));
																			__edx =  *((char*)(__ebp - 0x251));
																			_push( *((char*)(__ebp - 0x251)));
																			__eax =  *(__ebp - 0x44);
																			_push( *(__ebp - 0x44));
																			__ecx =  *(__ebp - 4);
																			_push( *(__ebp - 4));
																			__edx = __ebp - 0x2a8;
																			_push(__ebp - 0x2a8);
																			__eax =  *0x60b3cc; // 0x7e8c4bdb
																			__eax =  *__eax();
																			__esp = __esp + 0x1c;
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000080;
																			__eflags =  *(__ebp - 0x10) & 0x00000080;
																			if(( *(__ebp - 0x10) & 0x00000080) != 0) {
																				__eflags =  *(__ebp - 0x30);
																				if( *(__ebp - 0x30) == 0) {
																					__ecx = __ebp - 0x40;
																					_push(E0040D3B0(__ebp - 0x40));
																					__edx =  *(__ebp - 4);
																					_push( *(__ebp - 4));
																					__eax =  *0x60b3d8; // 0x7e8c4bdb
																					__eax =  *__eax();
																					__esp = __esp + 8;
																				}
																			}
																			__ecx =  *((char*)(__ebp - 0x251));
																			__eflags =  *((char*)(__ebp - 0x251)) - 0x67;
																			if( *((char*)(__ebp - 0x251)) == 0x67) {
																				 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000080;
																				__eflags =  *(__ebp - 0x10) & 0x00000080;
																				if(( *(__ebp - 0x10) & 0x00000080) == 0) {
																					__ecx = __ebp - 0x40;
																					_push(E0040D3B0(__ebp - 0x40));
																					__eax =  *(__ebp - 4);
																					_push( *(__ebp - 4));
																					__ecx =  *0x60b3d4; // 0x7e8c4bdb
																					E00410200(__ecx) =  *__eax();
																					__esp = __esp + 8;
																				}
																			}
																			__edx =  *(__ebp - 4);
																			__eax =  *( *(__ebp - 4));
																			__eflags =  *( *(__ebp - 4)) - 0x2d;
																			if( *( *(__ebp - 4)) == 0x2d) {
																				 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000100;
																				 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000100;
																				__edx =  *(__ebp - 4);
																				__edx =  *(__ebp - 4) + 1;
																				__eflags = __edx;
																				 *(__ebp - 4) = __edx;
																			}
																			__eax =  *(__ebp - 4);
																			 *(__ebp - 0x24) = E0040DC40( *(__ebp - 4));
																			do {
																				L190:
																				__eflags =  *(_t701 - 0x28);
																				if( *(_t701 - 0x28) != 0) {
																					goto L216;
																				}
																				goto L191;
																			} while ( *(__ebp - 0x324) > 0x37);
																			goto L72;
																		}
																		L127:
																		__ecx =  *((char*)(__ebp - 0x251));
																		__eflags = __ecx - 0x67;
																		if(__ecx != 0x67) {
																			goto L129;
																		}
																		L128:
																		 *(__ebp - 0x30) = 1;
																		goto L131;
																	}
																	L125:
																	 *(__ebp - 0x30) = 6;
																	goto L131;
																case 6:
																	L75:
																	 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000810;
																	__eflags =  *(__ebp - 0x10) & 0x00000810;
																	if(( *(__ebp - 0x10) & 0x00000810) == 0) {
																		__ebp + 0x14 = E0041C290(__ebp + 0x14);
																		 *(__ebp - 0x284) = __ax;
																		__cl =  *(__ebp - 0x284);
																		 *(__ebp - 0x248) = __cl;
																		 *(__ebp - 0x24) = 1;
																	} else {
																		 *(__ebp - 0x280) = 0;
																		__edx = __ebp + 0x14;
																		__eax = E0041C2D0(__ebp + 0x14);
																		 *(__ebp - 0x258) = __ax;
																		__eax =  *(__ebp - 0x258) & 0x0000ffff;
																		__ecx = __ebp - 0x248;
																		__edx = __ebp - 0x24;
																		 *(__ebp - 0x280) = E004212A0(__ebp - 0x24, __ebp - 0x248, 0x200,  *(__ebp - 0x258) & 0x0000ffff);
																		__eflags =  *(__ebp - 0x280);
																		if( *(__ebp - 0x280) != 0) {
																			 *(__ebp - 0x28) = 1;
																		}
																	}
																	__edx = __ebp - 0x248;
																	 *(__ebp - 4) = __ebp - 0x248;
																	while(1) {
																		L190:
																		__eflags =  *(_t701 - 0x28);
																		if( *(_t701 - 0x28) != 0) {
																			goto L216;
																		}
																		goto L191;
																	}
																case 7:
																	L144:
																	 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000040;
																	 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000040;
																	 *((intOrPtr*)(__ebp - 8)) = 0xa;
																	L153:
																	__eflags =  *(_t701 - 0x10) & 0x00008000;
																	if(( *(_t701 - 0x10) & 0x00008000) == 0) {
																		_t649 =  *(_t701 - 0x10) & 0x00001000;
																		__eflags = _t649;
																		if(_t649 == 0) {
																			__eflags =  *(_t701 - 0x10) & 0x00000020;
																			if(( *(_t701 - 0x10) & 0x00000020) == 0) {
																				_t651 =  *(_t701 - 0x10) & 0x00000040;
																				__eflags = _t651;
																				if(_t651 == 0) {
																					_t496 = E0041C290(_t701 + 0x14);
																					_t703 = _t703 + 4;
																					__eflags = 0;
																					 *(_t701 - 0x2b8) = _t496;
																					 *(_t701 - 0x2b4) = 0;
																				} else {
																					_t580 = E0041C290(_t701 + 0x14);
																					_t703 = _t703 + 4;
																					asm("cdq");
																					 *(_t701 - 0x2b8) = _t580;
																					 *(_t701 - 0x2b4) = _t651;
																				}
																			} else {
																				_t698 =  *(_t701 - 0x10) & 0x00000040;
																				__eflags = _t698;
																				if(_t698 == 0) {
																					_t581 = E0041C290(_t701 + 0x14);
																					_t703 = _t703 + 4;
																					asm("cdq");
																					 *(_t701 - 0x2b8) = _t581 & 0x0000ffff;
																					 *(_t701 - 0x2b4) = _t698;
																				} else {
																					_t584 = E0041C290(_t701 + 0x14);
																					_t703 = _t703 + 4;
																					asm("cdq");
																					 *(_t701 - 0x2b8) = _t584;
																					 *(_t701 - 0x2b4) = _t698;
																				}
																			}
																		} else {
																			_t587 = E0041C2B0(_t701 + 0x14);
																			_t703 = _t703 + 4;
																			 *(_t701 - 0x2b8) = _t587;
																			 *(_t701 - 0x2b4) = _t649;
																		}
																	} else {
																		_t588 = E0041C2B0(_t701 + 0x14);
																		_t703 = _t703 + 4;
																		 *(_t701 - 0x2b8) = _t588;
																		 *(_t701 - 0x2b4) = _t647;
																	}
																	__eflags =  *(_t701 - 0x10) & 0x00000040;
																	if(( *(_t701 - 0x10) & 0x00000040) == 0) {
																		goto L170;
																	}
																case 8:
																	L109:
																	__ecx = __ebp + 0x14;
																	 *(__ebp - 0x298) = E0041C290(__ebp + 0x14);
																	__eax = E00420F80();
																	__eflags = __eax;
																	if(__eax != 0) {
																		L119:
																		 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000020;
																		__eflags =  *(__ebp - 0x10) & 0x00000020;
																		if(( *(__ebp - 0x10) & 0x00000020) == 0) {
																			__edx =  *(__ebp - 0x298);
																			__eax =  *(__ebp - 0x24c);
																			 *( *(__ebp - 0x298)) =  *(__ebp - 0x24c);
																		} else {
																			__eax =  *(__ebp - 0x298);
																			 *( *(__ebp - 0x298)) =  *(__ebp - 0x24c);
																		}
																		 *(__ebp - 0x28) = 1;
																		while(1) {
																			L190:
																			__eflags =  *(_t701 - 0x28);
																			if( *(_t701 - 0x28) != 0) {
																				goto L216;
																			}
																			goto L191;
																		}
																	}
																	L110:
																	__edx = 0;
																	__eflags = 0;
																	if(0 == 0) {
																		 *(__ebp - 0x32c) = 0;
																	} else {
																		 *(__ebp - 0x32c) = 1;
																	}
																	__eax =  *(__ebp - 0x32c);
																	 *(__ebp - 0x29c) =  *(__ebp - 0x32c);
																	__eflags =  *(__ebp - 0x29c);
																	if( *(__ebp - 0x29c) == 0) {
																		_push(L"(\"\'n\' format specifier disabled\", 0)");
																		_push(0);
																		_push(0x695);
																		_push(L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c");
																		_push(2);
																		__eax = L0040E1A0();
																		__esp = __esp + 0x14;
																		__eflags = __eax - 1;
																		if(__eax == 1) {
																			asm("int3");
																		}
																	}
																	__eflags =  *(__ebp - 0x29c);
																	if( *(__ebp - 0x29c) != 0) {
																		L118:
																		while(1) {
																			L190:
																			__eflags =  *(_t701 - 0x28);
																			if( *(_t701 - 0x28) != 0) {
																				goto L216;
																			}
																			goto L191;
																		}
																	} else {
																		L117:
																		 *((intOrPtr*)(L0040EC70(__ecx))) = 0x16;
																		__eax = E00411A50(__ebx, __ecx, __edi, __esi, L"(\"\'n\' format specifier disabled\", 0)", L"_output_s_l", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c", 0x695, 0);
																		 *(__ebp - 0x2f8) = 0xffffffff;
																		__ecx = __ebp - 0x40;
																		__eax = E0040D380(__ecx);
																		__eax =  *(__ebp - 0x2f8);
																		goto L229;
																	}
																case 9:
																	goto L0;
																case 0xa:
																	L146:
																	 *(__ebp - 0x30) = 8;
																	goto L147;
																case 0xb:
																	L90:
																	__eflags =  *(__ebp - 0x30) - 0xffffffff;
																	if( *(__ebp - 0x30) != 0xffffffff) {
																		__edx =  *(__ebp - 0x30);
																		 *(__ebp - 0x328) =  *(__ebp - 0x30);
																	} else {
																		 *(__ebp - 0x328) = 0x7fffffff;
																	}
																	__eax =  *(__ebp - 0x328);
																	 *(__ebp - 0x290) =  *(__ebp - 0x328);
																	__ecx = __ebp + 0x14;
																	 *(__ebp - 4) = E0041C290(__ebp + 0x14);
																	 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000810;
																	__eflags =  *(__ebp - 0x10) & 0x00000810;
																	if(( *(__ebp - 0x10) & 0x00000810) == 0) {
																		L101:
																		__eflags =  *(__ebp - 4);
																		if( *(__ebp - 4) == 0) {
																			__edx =  *0x60b4f0; // 0x407424
																			 *(__ebp - 4) = __edx;
																		}
																		__eax =  *(__ebp - 4);
																		 *(__ebp - 0x28c) =  *(__ebp - 4);
																		while(1) {
																			L104:
																			__ecx =  *(__ebp - 0x290);
																			 *(__ebp - 0x290) =  *(__ebp - 0x290) - 1;
																			 *(__ebp - 0x290) =  *(__ebp - 0x290) - 1;
																			__eflags = __ecx;
																			if(__ecx == 0) {
																				break;
																			}
																			L105:
																			__eax =  *(__ebp - 0x28c);
																			__ecx =  *( *(__ebp - 0x28c));
																			__eflags = __ecx;
																			if(__ecx == 0) {
																				break;
																			}
																			L106:
																			 *(__ebp - 0x28c) =  *(__ebp - 0x28c) + 1;
																			 *(__ebp - 0x28c) =  *(__ebp - 0x28c) + 1;
																		}
																		L107:
																		__eax =  *(__ebp - 0x28c);
																		__eax =  *(__ebp - 0x28c) -  *(__ebp - 4);
																		__eflags = __eax;
																		 *(__ebp - 0x24) = __eax;
																		goto L108;
																	} else {
																		L94:
																		__eflags =  *(__ebp - 4);
																		if( *(__ebp - 4) == 0) {
																			__eax =  *0x60b4f4; // 0x407414
																			 *(__ebp - 4) = __eax;
																		}
																		 *(__ebp - 0xc) = 1;
																		__ecx =  *(__ebp - 4);
																		 *(__ebp - 0x294) =  *(__ebp - 4);
																		while(1) {
																			L97:
																			__edx =  *(__ebp - 0x290);
																			 *(__ebp - 0x290) =  *(__ebp - 0x290) - 1;
																			 *(__ebp - 0x290) =  *(__ebp - 0x290) - 1;
																			__eflags =  *(__ebp - 0x290);
																			if( *(__ebp - 0x290) == 0) {
																				break;
																			}
																			L98:
																			__ecx =  *(__ebp - 0x294);
																			__edx =  *( *(__ebp - 0x294)) & 0x0000ffff;
																			__eflags =  *( *(__ebp - 0x294)) & 0x0000ffff;
																			if(( *( *(__ebp - 0x294)) & 0x0000ffff) == 0) {
																				break;
																			}
																			L99:
																			 *(__ebp - 0x294) =  *(__ebp - 0x294) + 2;
																			 *(__ebp - 0x294) =  *(__ebp - 0x294) + 2;
																		}
																		L100:
																		 *(__ebp - 0x294) =  *(__ebp - 0x294) -  *(__ebp - 4);
																		__ecx =  *(__ebp - 0x294) -  *(__ebp - 4) >> 1;
																		 *(__ebp - 0x24) = __ecx;
																		L108:
																		while(1) {
																			L190:
																			__eflags =  *(_t701 - 0x28);
																			if( *(_t701 - 0x28) != 0) {
																				goto L216;
																			}
																			goto L191;
																		}
																	}
																case 0xc:
																	L145:
																	 *((intOrPtr*)(__ebp - 8)) = 0xa;
																	while(1) {
																		L153:
																		__eflags =  *(_t701 - 0x10) & 0x00008000;
																		if(( *(_t701 - 0x10) & 0x00008000) == 0) {
																			_t649 =  *(_t701 - 0x10) & 0x00001000;
																			__eflags = _t649;
																			if(_t649 == 0) {
																				__eflags =  *(_t701 - 0x10) & 0x00000020;
																				if(( *(_t701 - 0x10) & 0x00000020) == 0) {
																					_t651 =  *(_t701 - 0x10) & 0x00000040;
																					__eflags = _t651;
																					if(_t651 == 0) {
																						_t496 = E0041C290(_t701 + 0x14);
																						_t703 = _t703 + 4;
																						__eflags = 0;
																						 *(_t701 - 0x2b8) = _t496;
																						 *(_t701 - 0x2b4) = 0;
																					} else {
																						_t580 = E0041C290(_t701 + 0x14);
																						_t703 = _t703 + 4;
																						asm("cdq");
																						 *(_t701 - 0x2b8) = _t580;
																						 *(_t701 - 0x2b4) = _t651;
																					}
																				} else {
																					_t698 =  *(_t701 - 0x10) & 0x00000040;
																					__eflags = _t698;
																					if(_t698 == 0) {
																						_t581 = E0041C290(_t701 + 0x14);
																						_t703 = _t703 + 4;
																						asm("cdq");
																						 *(_t701 - 0x2b8) = _t581 & 0x0000ffff;
																						 *(_t701 - 0x2b4) = _t698;
																					} else {
																						_t584 = E0041C290(_t701 + 0x14);
																						_t703 = _t703 + 4;
																						asm("cdq");
																						 *(_t701 - 0x2b8) = _t584;
																						 *(_t701 - 0x2b4) = _t698;
																					}
																				}
																			} else {
																				_t587 = E0041C2B0(_t701 + 0x14);
																				_t703 = _t703 + 4;
																				 *(_t701 - 0x2b8) = _t587;
																				 *(_t701 - 0x2b4) = _t649;
																			}
																		} else {
																			_t588 = E0041C2B0(_t701 + 0x14);
																			_t703 = _t703 + 4;
																			 *(_t701 - 0x2b8) = _t588;
																			 *(_t701 - 0x2b4) = _t647;
																		}
																		__eflags =  *(_t701 - 0x10) & 0x00000040;
																		if(( *(_t701 - 0x10) & 0x00000040) == 0) {
																			goto L170;
																		}
																		goto L166;
																	}
																case 0xd:
																	L148:
																	 *(__ebp - 0x260) = 0x27;
																	L149:
																	 *((intOrPtr*)(__ebp - 8)) = 0x10;
																	 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000080;
																	__eflags =  *(__ebp - 0x10) & 0x00000080;
																	if(( *(__ebp - 0x10) & 0x00000080) != 0) {
																		 *((char*)(__ebp - 0x14)) = 0x30;
																		 *(__ebp - 0x260) =  *(__ebp - 0x260) + 0x51;
																		__eflags =  *(__ebp - 0x260) + 0x51;
																		 *((char*)(__ebp - 0x13)) = __al;
																		 *(__ebp - 0x1c) = 2;
																	}
																	while(1) {
																		L153:
																		__eflags =  *(_t701 - 0x10) & 0x00008000;
																		if(( *(_t701 - 0x10) & 0x00008000) == 0) {
																			_t649 =  *(_t701 - 0x10) & 0x00001000;
																			__eflags = _t649;
																			if(_t649 == 0) {
																				__eflags =  *(_t701 - 0x10) & 0x00000020;
																				if(( *(_t701 - 0x10) & 0x00000020) == 0) {
																					_t651 =  *(_t701 - 0x10) & 0x00000040;
																					__eflags = _t651;
																					if(_t651 == 0) {
																						_t496 = E0041C290(_t701 + 0x14);
																						_t703 = _t703 + 4;
																						__eflags = 0;
																						 *(_t701 - 0x2b8) = _t496;
																						 *(_t701 - 0x2b4) = 0;
																					} else {
																						_t580 = E0041C290(_t701 + 0x14);
																						_t703 = _t703 + 4;
																						asm("cdq");
																						 *(_t701 - 0x2b8) = _t580;
																						 *(_t701 - 0x2b4) = _t651;
																					}
																				} else {
																					_t698 =  *(_t701 - 0x10) & 0x00000040;
																					__eflags = _t698;
																					if(_t698 == 0) {
																						_t581 = E0041C290(_t701 + 0x14);
																						_t703 = _t703 + 4;
																						asm("cdq");
																						 *(_t701 - 0x2b8) = _t581 & 0x0000ffff;
																						 *(_t701 - 0x2b4) = _t698;
																					} else {
																						_t584 = E0041C290(_t701 + 0x14);
																						_t703 = _t703 + 4;
																						asm("cdq");
																						 *(_t701 - 0x2b8) = _t584;
																						 *(_t701 - 0x2b4) = _t698;
																					}
																				}
																			} else {
																				_t587 = E0041C2B0(_t701 + 0x14);
																				_t703 = _t703 + 4;
																				 *(_t701 - 0x2b8) = _t587;
																				 *(_t701 - 0x2b4) = _t649;
																			}
																		} else {
																			_t588 = E0041C2B0(_t701 + 0x14);
																			_t703 = _t703 + 4;
																			 *(_t701 - 0x2b8) = _t588;
																			 *(_t701 - 0x2b4) = _t647;
																		}
																		__eflags =  *(_t701 - 0x10) & 0x00000040;
																		if(( *(_t701 - 0x10) & 0x00000040) == 0) {
																			goto L170;
																		}
																		goto L166;
																	}
																case 0xe:
																	while(1) {
																		L190:
																		__eflags =  *(_t701 - 0x28);
																		if( *(_t701 - 0x28) != 0) {
																			goto L216;
																		}
																		goto L191;
																	}
															}
														case 8:
															L30:
															 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000002;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000002;
															goto L33;
														case 9:
															L31:
															 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000080;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000080;
															goto L33;
														case 0xa:
															L29:
															__ecx =  *(__ebp - 0x10);
															__ecx =  *(__ebp - 0x10) | 0x00000001;
															 *(__ebp - 0x10) = __ecx;
															goto L33;
														case 0xb:
															L28:
															 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000004;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000004;
															goto L33;
														case 0xc:
															L32:
															__ecx =  *(__ebp - 0x10);
															__ecx =  *(__ebp - 0x10) | 0x00000008;
															__eflags = __ecx;
															 *(__ebp - 0x10) = __ecx;
															goto L33;
														case 0xd:
															L33:
															goto L218;
													}
												} else {
													if(0 == 0) {
														 *(_t701 - 0x314) = 0;
													} else {
														 *(_t701 - 0x314) = 1;
													}
													_t618 =  *(_t701 - 0x314);
													 *(_t701 - 0x278) =  *(_t701 - 0x314);
													if( *(_t701 - 0x278) == 0) {
														_push(L"(\"Incorrect format specifier\", 0)");
														_push(0);
														_push(0x460);
														_push(L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c");
														_push(2);
														_t545 = L0040E1A0();
														_t703 = _t703 + 0x14;
														if(_t545 == 1) {
															asm("int3");
														}
													}
													L14:
													if( *(_t701 - 0x278) != 0) {
														goto L16;
													} else {
														 *((intOrPtr*)(L0040EC70(_t618))) = 0x16;
														E00411A50(_t589, _t618, _t699, _t700, L"(\"Incorrect format specifier\", 0)", L"_output_s_l", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c", 0x460, 0);
														 *(_t701 - 0x2f0) = 0xffffffff;
														E0040D380(_t701 - 0x40);
														_t518 =  *(_t701 - 0x2f0);
														L229:
														return E00416CA0(_t518, _t589,  *(_t701 - 0x48) ^ _t701, _t665, _t699, _t700);
													}
												}
											}
											L219:
											__eflags =  *(_t701 - 0x25c);
											if( *(_t701 - 0x25c) == 0) {
												L222:
												 *(_t701 - 0x334) = 1;
												L223:
												_t605 =  *(_t701 - 0x334);
												 *(_t701 - 0x2e0) =  *(_t701 - 0x334);
												__eflags =  *(_t701 - 0x2e0);
												if( *(_t701 - 0x2e0) == 0) {
													_push(L"((state == ST_NORMAL) || (state == ST_TYPE))");
													_push(0);
													_push(0x8f5);
													_push(L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c");
													_push(2);
													_t523 = L0040E1A0();
													_t703 = _t703 + 0x14;
													__eflags = _t523 - 1;
													if(_t523 == 1) {
														asm("int3");
													}
												}
												__eflags =  *(_t701 - 0x2e0);
												if( *(_t701 - 0x2e0) != 0) {
													 *(_t701 - 0x300) =  *(_t701 - 0x24c);
													E0040D380(_t701 - 0x40);
													_t518 =  *(_t701 - 0x300);
												} else {
													 *((intOrPtr*)(L0040EC70(_t605))) = 0x16;
													E00411A50(_t589, _t605, _t699, _t700, L"((state == ST_NORMAL) || (state == ST_TYPE))", L"_output_s_l", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c", 0x8f5, 0);
													 *(_t701 - 0x2fc) = 0xffffffff;
													E0040D380(_t701 - 0x40);
													_t518 =  *(_t701 - 0x2fc);
												}
												goto L229;
											}
											L220:
											__eflags =  *(_t701 - 0x25c) - 7;
											if( *(_t701 - 0x25c) == 7) {
												goto L222;
											}
											L221:
											 *(_t701 - 0x334) = 0;
											goto L223;
										}
									}
									L187:
									__eflags =  *(_t701 - 0x24);
									if( *(_t701 - 0x24) == 0) {
										L189:
										 *((intOrPtr*)(_t701 - 4)) =  *((intOrPtr*)(_t701 - 4)) - 1;
										 *((char*)( *((intOrPtr*)(_t701 - 4)))) = 0x30;
										_t639 =  *(_t701 - 0x24) + 1;
										__eflags = _t639;
										 *(_t701 - 0x24) = _t639;
										goto L190;
									}
									L188:
									__eflags =  *((char*)( *((intOrPtr*)(_t701 - 4)))) - 0x30;
									if( *((char*)( *((intOrPtr*)(_t701 - 4)))) == 0x30) {
										goto L190;
									}
									goto L189;
								}
								L183:
								asm("cdq");
								_t658 =  *(_t701 - 0x2c0);
								 *(_t701 - 0x2ac) = E0041CE40(_t658,  *(_t701 - 0x2bc),  *(_t701 - 8), _t657) + 0x30;
								asm("cdq");
								 *(_t701 - 0x2c0) = E0041CDD0( *(_t701 - 0x2c0),  *(_t701 - 0x2bc),  *(_t701 - 8), _t658);
								 *(_t701 - 0x2bc) = _t658;
								__eflags =  *(_t701 - 0x2ac) - 0x39;
								if( *(_t701 - 0x2ac) > 0x39) {
									_t662 =  *(_t701 - 0x2ac) +  *((intOrPtr*)(_t701 - 0x260));
									__eflags = _t662;
									 *(_t701 - 0x2ac) = _t662;
								}
								 *((char*)( *((intOrPtr*)(_t701 - 4)))) =  *(_t701 - 0x2ac);
								 *((intOrPtr*)(_t701 - 4)) =  *((intOrPtr*)(_t701 - 4)) - 1;
								L181:
								_t657 =  *(_t701 - 0x30) - 1;
								 *(_t701 - 0x30) =  *(_t701 - 0x30) - 1;
								__eflags =  *(_t701 - 0x30);
								if( *(_t701 - 0x30) > 0) {
									goto L183;
								}
								goto L182;
							}
						}
						L168:
						__eflags =  *(_t701 - 0x2b8);
						if( *(_t701 - 0x2b8) >= 0) {
							goto L170;
						}
						goto L169;
						L170:
						 *(_t701 - 0x2c0) =  *(_t701 - 0x2b8);
						 *(_t701 - 0x2bc) =  *(_t701 - 0x2b4);
						goto L171;
					}
				}
			}

0x0042205c
0x0042205c
0x0042205c
0x0042205c
0x0042205c
0x0042205c
0x0042205c
0x0042206c
0x0042206e
0x00422071
0x00422071
0x00422077
0x00422077
0x0042207a
0x0042207a
0x0042207d
0x00422082
0x004220a4
0x004220a4
0x004220aa
0x004220cc
0x004220cf
0x00422116
0x00422116
0x00422119
0x0042213a
0x0042213f
0x00422142
0x00422144
0x0042214a
0x0042211b
0x0042211f
0x00422124
0x00422127
0x00422128
0x0042212e
0x0042212e
0x004220d1
0x004220d4
0x004220d4
0x004220d7
0x004220f9
0x004220fe
0x00422104
0x00422105
0x0042210b
0x004220d9
0x004220dd
0x004220e2
0x004220e6
0x004220e7
0x004220ed
0x004220ed
0x00422111
0x004220ac
0x004220b0
0x004220b5
0x004220b8
0x004220be
0x004220be
0x00422084
0x00422088
0x0042208d
0x00422090
0x00422096
0x00422096
0x00422153
0x00422156
0x00000000
0x00000000
0x00422158
0x00422158
0x0042215f
0x00000000
0x00000000
0x00422161
0x00422161
0x0042216c
0x0042217a
0x0042217f
0x00422185
0x00422193
0x004221b0
0x004221b3
0x004221b8
0x004221bd
0x004221c3
0x004221d1
0x004221d1
0x004221da
0x004221da
0x004221c3
0x004221e0
0x004221e4
0x004221f5
0x004221f8
0x004221ff
0x00422201
0x00422201
0x004221e6
0x004221e6
0x004221e6
0x0042220e
0x00422214
0x00422216
0x00422216
0x00422220
0x00422223
0x00422223
0x00422229
0x0042222c
0x0042222f
0x00422231
0x00000000
0x00000000
0x00422233
0x00422239
0x0042223f
0x004222bc
0x004222c2
0x004222cb
0x004222d1
0x004222d7
0x00422302
0x00422302
0x00422302
0x00422306
0x00000000
0x00000000
0x0042230c
0x0042230f
0x00422312
0x00422317
0x0042231c
0x0042232e
0x00422331
0x00422343
0x00422346
0x00422348
0x0042234c
0x0042234c
0x00422333
0x00422333
0x00422337
0x00422337
0x0042231e
0x0042231e
0x00422322
0x00422322
0x0042231c
0x0042235c
0x00422365
0x00422368
0x0042237e
0x00422383
0x00422383
0x00422399
0x0042239e
0x004223a4
0x004223a7
0x004223ac
0x004223af
0x004223c5
0x004223ca
0x004223ca
0x004223af
0x004223cd
0x004223d1
0x004224a5
0x004224b8
0x004224bd
0x00000000
0x004223d7
0x004223d7
0x004223d7
0x004223db
0x00000000
0x00000000
0x004223e1
0x004223e1
0x004223ee
0x004223f7
0x004223fd
0x004223fd
0x0042240c
0x00422412
0x00422414
0x00000000
0x00000000
0x0042241a
0x00422423
0x00422442
0x00422447
0x0042244a
0x00422459
0x0042245f
0x00422466
0x00422471
0x00422471
0x00000000
0x00422471
0x00422468
0x00422468
0x0042246f
0x0042247d
0x00422496
0x0042249b
0x00000000
0x0042249b
0x00000000
0x0042246f
0x004224a3
0x004224c0
0x004224c0
0x004224c7
0x004224cc
0x004224cf
0x004224e5
0x004224ea
0x004224ea
0x004224cf
0x004224c7
0x004224ed
0x004224ed
0x004224f1
0x004224f9
0x004224fe
0x00422501
0x00422501
0x00422508
0x00422508
0x004215df
0x004215e5
0x004215f2
0x004215f7
0x00000000
0x0042160a
0x00421614
0x0042163b
0x00421622
0x00421633
0x00421633
0x00421614
0x00421645
0x0042164b
0x00421657
0x0042165a
0x00421668
0x0042166b
0x00421678
0x0042171d
0x00421723
0x00421729
0x00421730
0x00000000
0x00000000
0x00421736
0x0042173c
0x00000000
0x00421743
0x00421743
0x0042175b
0x00421760
0x00421763
0x00421765
0x0042181f
0x00421832
0x00421837
0x00000000
0x0042176b
0x0042177e
0x00421783
0x00421789
0x0042178b
0x00421794
0x00421794
0x00421797
0x004217a3
0x004217a7
0x004217ad
0x004217af
0x004217b4
0x004217b6
0x004217bb
0x004217c0
0x004217c2
0x004217c7
0x004217ca
0x004217cd
0x004217cf
0x004217cf
0x004217cd
0x004217d0
0x004217d0
0x004217d7
0x00000000
0x004217d9
0x004217de
0x004217fa
0x00421802
0x0042180f
0x00421814
0x00000000
0x00421814
0x004217d7
0x00000000
0x0042183f
0x0042183f
0x00421846
0x00421849
0x0042184c
0x0042184f
0x00421852
0x00421855
0x00421858
0x0042185f
0x00421866
0x00000000
0x00000000
0x00421872
0x00421872
0x00421879
0x00421885
0x00421888
0x0042188e
0x00421895
0x00000000
0x00000000
0x00421897
0x00421897
0x0042189d
0x0042189d
0x004218a4
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004218e7
0x004218e7
0x004218ee
0x004218f1
0x0042191b
0x0042191e
0x0042191e
0x00421921
0x00421928
0x00421928
0x0042192c
0x004218f3
0x004218f3
0x004218ff
0x00421902
0x00421906
0x00421908
0x0042190b
0x0042190b
0x0042190e
0x00421914
0x00421916
0x00421916
0x00421919
0x00000000
0x00000000
0x00421934
0x00421934
0x00000000
0x00000000
0x00421940
0x00421940
0x00421947
0x0042194a
0x0042196a
0x0042196d
0x0042196d
0x00421977
0x00421977
0x0042197b
0x0042194c
0x0042194c
0x00421958
0x0042195b
0x0042195f
0x00421961
0x00421961
0x00421968
0x00000000
0x00000000
0x00421983
0x00421983
0x0042198a
0x00421996
0x00421999
0x0042199f
0x004219a6
0x00421ab9
0x00000000
0x00421ab9
0x004219ac
0x004219ac
0x004219b2
0x004219b2
0x004219b9
0x00000000
0x004219ef
0x004219ef
0x004219f2
0x004219f5
0x004219f8
0x00421a20
0x00421a20
0x00421a23
0x00421a26
0x00421a29
0x00421a4e
0x00421a4e
0x00421a51
0x00421a54
0x00421a57
0x00421a90
0x00421aa1
0x00000000
0x00421aa1
0x00421a59
0x00421a59
0x00421a5c
0x00421a5f
0x00421a62
0x00000000
0x00000000
0x00421a64
0x00421a64
0x00421a67
0x00421a6a
0x00421a6d
0x00000000
0x00000000
0x00421a6f
0x00421a6f
0x00421a72
0x00421a75
0x00421a78
0x00000000
0x00000000
0x00421a7a
0x00421a7a
0x00421a7d
0x00421a80
0x00421a83
0x00000000
0x00000000
0x00421a85
0x00421a85
0x00421a88
0x00421a8b
0x00421a8e
0x00421a92
0x00000000
0x00421a92
0x00000000
0x00421a8e
0x00421a2b
0x00421a2b
0x00421a2e
0x00421a32
0x00421a35
0x00000000
0x00421a37
0x00421a3a
0x00421a3d
0x00421a40
0x00421a43
0x00421a49
0x00000000
0x00421a49
0x00421a35
0x004219fa
0x004219fa
0x004219fd
0x00421a01
0x00421a04
0x00000000
0x00421a06
0x00421a09
0x00421a0c
0x00421a0f
0x00421a12
0x00421a18
0x00000000
0x00421a18
0x00000000
0x00421aa3
0x00421aa6
0x00421aa9
0x00000000
0x00000000
0x004219c0
0x004219c0
0x004219c3
0x004219c6
0x004219c9
0x004219e1
0x004219e4
0x004219e4
0x004219e7
0x004219cb
0x004219ce
0x004219d1
0x004219d7
0x004219dc
0x004219dc
0x00000000
0x00000000
0x00421aae
0x00421aae
0x00421ab1
0x00421ab1
0x00421ab6
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00421abe
0x00421abe
0x00421ac5
0x00421ad1
0x00421ad4
0x00421ada
0x00421ae1
0x00422302
0x00422302
0x00422302
0x00422306
0x00000000
0x00000000
0x00000000
0x00422306
0x00422302
0x00421ae7
0x00421aed
0x00421aed
0x00421af4
0x00000000
0x00421e4e
0x00421e4e
0x00421e55
0x00421e5c
0x00421e5c
0x00421e5f
0x00000000
0x00000000
0x00421afb
0x00421afe
0x00421afe
0x00421b04
0x00421b06
0x00421b09
0x00421b09
0x00421b0e
0x00421b0e
0x00000000
0x00000000
0x00421c3b
0x00421c3e
0x00421c3e
0x00421c43
0x00421c45
0x00421c48
0x00421c48
0x00421c4e
0x00421c4e
0x00000000
0x00000000
0x0042201b
0x0042201b
0x00000000
0x00000000
0x00421ba5
0x00421ba5
0x00421bb1
0x00421bb7
0x00421bbe
0x00421bcc
0x00421bcc
0x00421bd2
0x00421bd5
0x00421be1
0x00421c36
0x00000000
0x00421c36
0x00421bc0
0x00421bc0
0x00421bc6
0x00421bca
0x00421be6
0x00421be9
0x00421be9
0x00421bef
0x00421c17
0x00421c1e
0x00421c24
0x00421c27
0x00421c2a
0x00421c30
0x00421c33
0x00421bf1
0x00421bf1
0x00421bf7
0x00421bfa
0x00421bfd
0x00421c03
0x00421c06
0x00421c09
0x00421c0b
0x00421c0e
0x00421c0e
0x00000000
0x00421bef
0x00000000
0x00000000
0x00421e65
0x00421e68
0x00421e6b
0x00421e6e
0x00421e74
0x00421e77
0x00421e7e
0x00421e82
0x00421e8d
0x00421e8d
0x00421e91
0x00421ea8
0x00421ea8
0x00421eaf
0x00421eb1
0x00421eb1
0x00421eb8
0x00421eb8
0x00421ebf
0x00421ed0
0x00421edf
0x00421ee2
0x00421ee6
0x00421efc
0x00421ee8
0x00421ee8
0x00421eeb
0x00421ef1
0x00421ef7
0x00421ef7
0x00421ee6
0x00421f06
0x00421f09
0x00421f0c
0x00421f0f
0x00421f12
0x00421f15
0x00421f1b
0x00421f21
0x00421f29
0x00421f2a
0x00421f2d
0x00421f2e
0x00421f31
0x00421f32
0x00421f39
0x00421f3a
0x00421f3d
0x00421f3e
0x00421f41
0x00421f42
0x00421f48
0x00421f49
0x00421f57
0x00421f59
0x00421f5f
0x00421f5f
0x00421f65
0x00421f67
0x00421f6b
0x00421f6d
0x00421f75
0x00421f76
0x00421f79
0x00421f7a
0x00421f88
0x00421f8a
0x00421f8a
0x00421f6b
0x00421f8d
0x00421f94
0x00421f97
0x00421f9c
0x00421f9c
0x00421fa2
0x00421fa4
0x00421fac
0x00421fad
0x00421fb0
0x00421fb1
0x00421fc0
0x00421fc2
0x00421fc2
0x00421fa2
0x00421fc5
0x00421fc8
0x00421fcb
0x00421fce
0x00421fd3
0x00421fd9
0x00421fdc
0x00421fdf
0x00421fdf
0x00421fe2
0x00421fe2
0x00421fe5
0x00421ff1
0x00422302
0x00422302
0x00422302
0x00422306
0x00000000
0x00000000
0x00000000
0x00422306
0x00000000
0x00422302
0x00421e93
0x00421e93
0x00421e9a
0x00421e9d
0x00000000
0x00000000
0x00421e9f
0x00421e9f
0x00000000
0x00421e9f
0x00421e84
0x00421e84
0x00000000
0x00000000
0x00421b11
0x00421b14
0x00421b14
0x00421b1a
0x00421b75
0x00421b7d
0x00421b84
0x00421b8a
0x00421b90
0x00421b1c
0x00421b1c
0x00421b26
0x00421b2a
0x00421b32
0x00421b39
0x00421b46
0x00421b4d
0x00421b59
0x00421b5f
0x00421b66
0x00421b68
0x00421b68
0x00421b6f
0x00421b97
0x00421b9d
0x00422302
0x00422302
0x00422302
0x00422306
0x00000000
0x00000000
0x00000000
0x00422306
0x00000000
0x00421ff9
0x00421ffc
0x00421fff
0x00422002
0x0042207a
0x0042207d
0x00422082
0x004220a4
0x004220a4
0x004220aa
0x004220cc
0x004220cf
0x00422116
0x00422116
0x00422119
0x0042213a
0x0042213f
0x00422142
0x00422144
0x0042214a
0x0042211b
0x0042211f
0x00422124
0x00422127
0x00422128
0x0042212e
0x0042212e
0x004220d1
0x004220d4
0x004220d4
0x004220d7
0x004220f9
0x004220fe
0x00422104
0x00422105
0x0042210b
0x004220d9
0x004220dd
0x004220e2
0x004220e6
0x004220e7
0x004220ed
0x004220ed
0x00422111
0x004220ac
0x004220b0
0x004220b5
0x004220b8
0x004220be
0x004220be
0x00422084
0x00422088
0x0042208d
0x00422090
0x00422096
0x00422096
0x00422153
0x00422156
0x00000000
0x00000000
0x00000000
0x00421d57
0x00421d57
0x00421d63
0x00421d69
0x00421d6e
0x00421d70
0x00421e1a
0x00421e1d
0x00421e1d
0x00421e20
0x00421e34
0x00421e3a
0x00421e40
0x00421e22
0x00421e22
0x00421e2f
0x00421e2f
0x00421e42
0x00422302
0x00422302
0x00422302
0x00422306
0x00000000
0x00000000
0x00000000
0x00422306
0x00422302
0x00421d76
0x00421d76
0x00421d76
0x00421d78
0x00421d86
0x00421d7a
0x00421d7a
0x00421d7a
0x00421d90
0x00421d96
0x00421d9c
0x00421da3
0x00421da5
0x00421daa
0x00421dac
0x00421db1
0x00421db6
0x00421db8
0x00421dbd
0x00421dc0
0x00421dc3
0x00421dc5
0x00421dc5
0x00421dc3
0x00421dc6
0x00421dcd
0x00421e15
0x00422302
0x00422302
0x00422302
0x00422306
0x00000000
0x00000000
0x00000000
0x00422306
0x00421dcf
0x00421dcf
0x00421dd4
0x00421df0
0x00421df8
0x00421e02
0x00421e05
0x00421e0a
0x00000000
0x00421e0a
0x00000000
0x00000000
0x00000000
0x00422014
0x00422014
0x00000000
0x00000000
0x00421c51
0x00421c51
0x00421c55
0x00421c63
0x00421c66
0x00421c57
0x00421c57
0x00421c57
0x00421c6c
0x00421c72
0x00421c78
0x00421c84
0x00421c8a
0x00421c8a
0x00421c90
0x00421cf7
0x00421cf7
0x00421cfb
0x00421cfd
0x00421d03
0x00421d03
0x00421d06
0x00421d09
0x00421d0f
0x00421d0f
0x00421d0f
0x00421d1b
0x00421d1e
0x00421d24
0x00421d26
0x00000000
0x00000000
0x00421d28
0x00421d28
0x00421d2e
0x00421d31
0x00421d33
0x00000000
0x00000000
0x00421d35
0x00421d3b
0x00421d3e
0x00421d3e
0x00421d46
0x00421d46
0x00421d4c
0x00421d4c
0x00421d4f
0x00000000
0x00421c92
0x00421c92
0x00421c92
0x00421c96
0x00421c98
0x00421c9d
0x00421c9d
0x00421ca0
0x00421ca7
0x00421caa
0x00421cb0
0x00421cb0
0x00421cb0
0x00421cbc
0x00421cbf
0x00421cc5
0x00421cc7
0x00000000
0x00000000
0x00421cc9
0x00421cc9
0x00421ccf
0x00421cd2
0x00421cd4
0x00000000
0x00000000
0x00421cd6
0x00421cdc
0x00421cdf
0x00421cdf
0x00421ce7
0x00421ced
0x00421cf0
0x00421cf2
0x00421d52
0x00422302
0x00422302
0x00422302
0x00422306
0x00000000
0x00000000
0x00000000
0x00422306
0x00422302
0x00000000
0x0042200b
0x0042200b
0x0042207a
0x0042207a
0x0042207d
0x00422082
0x004220a4
0x004220a4
0x004220aa
0x004220cc
0x004220cf
0x00422116
0x00422116
0x00422119
0x0042213a
0x0042213f
0x00422142
0x00422144
0x0042214a
0x0042211b
0x0042211f
0x00422124
0x00422127
0x00422128
0x0042212e
0x0042212e
0x004220d1
0x004220d4
0x004220d4
0x004220d7
0x004220f9
0x004220fe
0x00422104
0x00422105
0x0042210b
0x004220d9
0x004220dd
0x004220e2
0x004220e6
0x004220e7
0x004220ed
0x004220ed
0x00422111
0x004220ac
0x004220b0
0x004220b5
0x004220b8
0x004220be
0x004220be
0x00422084
0x00422088
0x0042208d
0x00422090
0x00422096
0x00422096
0x00422153
0x00422156
0x00000000
0x00000000
0x00000000
0x00422156
0x00000000
0x00422027
0x00422027
0x00422031
0x00422031
0x0042203b
0x0042203b
0x00422041
0x00422043
0x0042204d
0x0042204d
0x00422050
0x00422053
0x00422053
0x0042207a
0x0042207a
0x0042207d
0x00422082
0x004220a4
0x004220a4
0x004220aa
0x004220cc
0x004220cf
0x00422116
0x00422116
0x00422119
0x0042213a
0x0042213f
0x00422142
0x00422144
0x0042214a
0x0042211b
0x0042211f
0x00422124
0x00422127
0x00422128
0x0042212e
0x0042212e
0x004220d1
0x004220d4
0x004220d4
0x004220d7
0x004220f9
0x004220fe
0x00422104
0x00422105
0x0042210b
0x004220d9
0x004220dd
0x004220e2
0x004220e6
0x004220e7
0x004220ed
0x004220ed
0x00422111
0x004220ac
0x004220b0
0x004220b5
0x004220b8
0x004220be
0x004220be
0x00422084
0x00422088
0x0042208d
0x00422090
0x00422096
0x00422096
0x00422153
0x00422156
0x00000000
0x00000000
0x00000000
0x00422156
0x00000000
0x00422302
0x00422302
0x00422302
0x00422306
0x00000000
0x00000000
0x00000000
0x00422306
0x00000000
0x00000000
0x004218c1
0x004218c4
0x004218c7
0x00000000
0x00000000
0x004218cc
0x004218cf
0x004218d4
0x00000000
0x00000000
0x004218b6
0x004218b6
0x004218b9
0x004218bc
0x00000000
0x00000000
0x004218ab
0x004218ae
0x004218b1
0x00000000
0x00000000
0x004218d9
0x004218d9
0x004218dc
0x004218dc
0x004218df
0x00000000
0x00000000
0x004218e2
0x00000000
0x00000000
0x0042167e
0x00421680
0x0042168e
0x00421682
0x00421682
0x00421682
0x00421698
0x0042169e
0x004216ab
0x004216ad
0x004216b2
0x004216b4
0x004216b9
0x004216be
0x004216c0
0x004216c5
0x004216cb
0x004216cd
0x004216cd
0x004216cb
0x004216ce
0x004216d5
0x00000000
0x004216d7
0x004216dc
0x004216f8
0x00421700
0x0042170d
0x00421712
0x004225d1
0x004225de
0x004225de
0x004216d5
0x00421678
0x0042250d
0x0042250d
0x00422514
0x0042252b
0x0042252b
0x00422535
0x00422535
0x0042253b
0x00422541
0x00422548
0x0042254a
0x0042254f
0x00422551
0x00422556
0x0042255b
0x0042255d
0x00422562
0x00422565
0x00422568
0x0042256a
0x0042256a
0x00422568
0x0042256b
0x00422572
0x004225bd
0x004225c6
0x004225cb
0x00422574
0x00422579
0x00422595
0x0042259d
0x004225aa
0x004225af
0x004225af
0x00000000
0x00422572
0x00422516
0x00422516
0x0042251d
0x00000000
0x00000000
0x0042251f
0x0042251f
0x00000000
0x0042251f
0x00422302
0x004222d9
0x004222d9
0x004222dd
0x004222ea
0x004222f0
0x004222f6
0x004222fc
0x004222fc
0x004222ff
0x00000000
0x004222ff
0x004222df
0x004222e5
0x004222e8
0x00000000
0x00000000
0x00000000
0x004222e8
0x00422241
0x00422244
0x0042224e
0x0042225d
0x00422266
0x0042227c
0x00422282
0x00422288
0x0042228f
0x00422297
0x00422297
0x0042229d
0x0042229d
0x004222ac
0x004222b4
0x00422223
0x00422229
0x0042222c
0x0042222f
0x00422231
0x00000000
0x00000000
0x00000000
0x00422231
0x00422223
0x00422163
0x00422163
0x0042216a
0x00000000
0x00000000
0x00000000
0x00422198
0x0042219e
0x004221aa
0x00000000
0x004221aa
0x0042207a

APIs

_get_int64_arg.LIBCMTD ref: 00422088
__aullrem.LIBCMT ref: 00422255
__aulldiv.LIBCMT ref: 00422277

Strings

9, xrefs: 00422288

Memory Dump Source

Source File: 00000000.00000002.254379313.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.254298173.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.254460883.0000000000427000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255654257.000000000060A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255687103.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255765961.0000000000635000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_mzQcZawXvh.jbxd

Similarity

API ID: __aulldiv__aullrem_get_int64_arg
String ID: 9
API String ID: 3120068967-2366072709
Opcode ID: 790f85329d0675026e3b1e30a5abf80567c16f4c43cd8e8bf9a7b00a4300b363
Instruction ID: 2b4fd159c5947c42750f9cc6a0149795afb4902a1642d007c9234b0f1fe656e7
Opcode Fuzzy Hash: 790f85329d0675026e3b1e30a5abf80567c16f4c43cd8e8bf9a7b00a4300b363
Instruction Fuzzy Hash: F841D2B1E01629EFEB64CF88DD89BAEB7B5BB44300F5085DAD509A7240C7785E81CF54

Uniqueness

Uniqueness Score: -1.00%

Function 00423904 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 100
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E00423904(intOrPtr __ebx, intOrPtr __edi, intOrPtr __esi) {
				signed int _t483;
				signed int _t502;
				void* _t507;
				signed int _t509;
				void* _t517;
				void* _t535;
				signed int _t539;
				signed int _t552;
				signed int _t556;
				signed short _t557;
				signed int _t560;
				signed int _t563;
				signed int _t564;
				intOrPtr _t565;
				signed int _t613;
				signed int _t621;
				signed int _t623;
				signed int _t625;
				signed int _t632;
				signed int _t636;
				signed int _t644;
				signed int _t671;
				intOrPtr _t672;
				intOrPtr _t673;
				signed int _t674;
				void* _t676;

				L0:
				while(1) {
					L0:
					_t673 = __esi;
					_t672 = __edi;
					_t565 = __ebx;
					 *(_t674 - 8) = 8;
					if(( *(_t674 - 0x10) & 0x00000080) != 0) {
						__edx =  *(__ebp - 0x10);
						__edx =  *(__ebp - 0x10) | 0x00000200;
						__eflags = __edx;
						 *(__ebp - 0x10) = __edx;
					}
					while(1) {
						L150:
						__eflags =  *(_t674 - 0x10) & 0x00008000;
						if(( *(_t674 - 0x10) & 0x00008000) == 0) {
							_t623 =  *(_t674 - 0x10) & 0x00001000;
							__eflags = _t623;
							if(_t623 == 0) {
								__eflags =  *(_t674 - 0x10) & 0x00000020;
								if(( *(_t674 - 0x10) & 0x00000020) == 0) {
									_t625 =  *(_t674 - 0x10) & 0x00000040;
									__eflags = _t625;
									if(_t625 == 0) {
										_t483 = E0041C290(_t674 + 0x14);
										_t676 = _t676 + 4;
										__eflags = 0;
										 *(_t674 - 0x4a0) = _t483;
										 *(_t674 - 0x49c) = 0;
									} else {
										_t556 = E0041C290(_t674 + 0x14);
										_t676 = _t676 + 4;
										asm("cdq");
										 *(_t674 - 0x4a0) = _t556;
										 *(_t674 - 0x49c) = _t625;
									}
								} else {
									_t671 =  *(_t674 - 0x10) & 0x00000040;
									__eflags = _t671;
									if(_t671 == 0) {
										_t557 = E0041C290(_t674 + 0x14);
										_t676 = _t676 + 4;
										asm("cdq");
										 *(_t674 - 0x4a0) = _t557 & 0x0000ffff;
										 *(_t674 - 0x49c) = _t671;
									} else {
										_t560 = E0041C290(_t674 + 0x14);
										_t676 = _t676 + 4;
										asm("cdq");
										 *(_t674 - 0x4a0) = _t560;
										 *(_t674 - 0x49c) = _t671;
									}
								}
							} else {
								_t563 = E0041C2B0(_t674 + 0x14);
								_t676 = _t676 + 4;
								 *(_t674 - 0x4a0) = _t563;
								 *(_t674 - 0x49c) = _t623;
							}
						} else {
							_t564 = E0041C2B0(_t674 + 0x14);
							_t676 = _t676 + 4;
							 *(_t674 - 0x4a0) = _t564;
							 *(_t674 - 0x49c) = _t621;
						}
						__eflags =  *(_t674 - 0x10) & 0x00000040;
						if(( *(_t674 - 0x10) & 0x00000040) == 0) {
							goto L167;
						}
						L163:
						__eflags =  *(_t674 - 0x49c);
						if(__eflags > 0) {
							goto L167;
						}
						L164:
						if(__eflags < 0) {
							L166:
							asm("adc edx, 0x0");
							 *(_t674 - 0x4a8) =  ~( *(_t674 - 0x4a0));
							 *(_t674 - 0x4a4) =  ~( *(_t674 - 0x49c));
							 *(_t674 - 0x10) =  *(_t674 - 0x10) | 0x00000100;
							L168:
							__eflags =  *(_t674 - 0x10) & 0x00008000;
							if(( *(_t674 - 0x10) & 0x00008000) == 0) {
								__eflags =  *(_t674 - 0x10) & 0x00001000;
								if(( *(_t674 - 0x10) & 0x00001000) == 0) {
									_t552 =  *(_t674 - 0x4a4) & 0x00000000;
									__eflags = _t552;
									 *(_t674 - 0x4a4) = _t552;
								}
							}
							__eflags =  *(_t674 - 0x30);
							if( *(_t674 - 0x30) >= 0) {
								 *(_t674 - 0x10) =  *(_t674 - 0x10) & 0xfffffff7;
								__eflags =  *(_t674 - 0x30) - 0x200;
								if( *(_t674 - 0x30) > 0x200) {
									 *(_t674 - 0x30) = 0x200;
								}
							} else {
								 *(_t674 - 0x30) = 1;
							}
							__eflags =  *(_t674 - 0x4a8) |  *(_t674 - 0x4a4);
							if(( *(_t674 - 0x4a8) |  *(_t674 - 0x4a4)) == 0) {
								 *(_t674 - 0x1c) = 0;
							}
							 *((intOrPtr*)(_t674 - 4)) = _t674 - 0x249;
							while(1) {
								L178:
								_t631 =  *(_t674 - 0x30) - 1;
								 *(_t674 - 0x30) =  *(_t674 - 0x30) - 1;
								__eflags =  *(_t674 - 0x30);
								if( *(_t674 - 0x30) > 0) {
									goto L180;
								}
								L179:
								__eflags =  *(_t674 - 0x4a8) |  *(_t674 - 0x4a4);
								if(( *(_t674 - 0x4a8) |  *(_t674 - 0x4a4)) == 0) {
									L183:
									 *(_t674 - 0x24) = _t674 - 0x249 -  *((intOrPtr*)(_t674 - 4));
									 *((intOrPtr*)(_t674 - 4)) =  *((intOrPtr*)(_t674 - 4)) + 1;
									__eflags =  *(_t674 - 0x10) & 0x00000200;
									if(( *(_t674 - 0x10) & 0x00000200) == 0) {
										while(1) {
											L187:
											__eflags =  *(_t674 - 0x28);
											if( *(_t674 - 0x28) != 0) {
												goto L212;
											}
											L188:
											__eflags =  *(_t674 - 0x10) & 0x00000040;
											if(( *(_t674 - 0x10) & 0x00000040) != 0) {
												__eflags =  *(_t674 - 0x10) & 0x00000100;
												if(( *(_t674 - 0x10) & 0x00000100) == 0) {
													__eflags =  *(_t674 - 0x10) & 0x00000001;
													if(( *(_t674 - 0x10) & 0x00000001) == 0) {
														__eflags =  *(_t674 - 0x10) & 0x00000002;
														if(( *(_t674 - 0x10) & 0x00000002) != 0) {
															 *((short*)(_t674 - 0x14)) = 0x20;
															 *(_t674 - 0x1c) = 1;
														}
													} else {
														 *((short*)(_t674 - 0x14)) = 0x2b;
														 *(_t674 - 0x1c) = 1;
													}
												} else {
													 *((short*)(_t674 - 0x14)) = 0x2d;
													 *(_t674 - 0x1c) = 1;
												}
											}
											 *((intOrPtr*)(_t674 - 0x4ac)) =  *((intOrPtr*)(_t674 - 0x18)) -  *(_t674 - 0x24) -  *(_t674 - 0x1c);
											__eflags =  *(_t674 - 0x10) & 0x0000000c;
											if(( *(_t674 - 0x10) & 0x0000000c) == 0) {
												E00423FF0(0x20,  *((intOrPtr*)(_t674 - 0x4ac)),  *((intOrPtr*)(_t674 + 8)), _t674 - 0x44c);
												_t676 = _t676 + 0x10;
											}
											E00424030( *(_t674 - 0x1c), _t674 - 0x14,  *(_t674 - 0x1c),  *((intOrPtr*)(_t674 + 8)), _t674 - 0x44c);
											_t676 = _t676 + 0x10;
											__eflags =  *(_t674 - 0x10) & 0x00000008;
											if(( *(_t674 - 0x10) & 0x00000008) != 0) {
												__eflags =  *(_t674 - 0x10) & 0x00000004;
												if(( *(_t674 - 0x10) & 0x00000004) == 0) {
													E00423FF0(0x30,  *((intOrPtr*)(_t674 - 0x4ac)),  *((intOrPtr*)(_t674 + 8)), _t674 - 0x44c);
													_t676 = _t676 + 0x10;
												}
											}
											__eflags =  *(_t674 - 0xc);
											if( *(_t674 - 0xc) != 0) {
												L208:
												E00424030( *(_t674 - 0x24),  *((intOrPtr*)(_t674 - 4)),  *(_t674 - 0x24),  *((intOrPtr*)(_t674 + 8)), _t674 - 0x44c);
												_t676 = _t676 + 0x10;
												goto L209;
											} else {
												L201:
												__eflags =  *(_t674 - 0x24);
												if( *(_t674 - 0x24) <= 0) {
													goto L208;
												}
												L202:
												 *((intOrPtr*)(_t674 - 0x4b0)) =  *((intOrPtr*)(_t674 - 4));
												 *(_t674 - 0x4b4) =  *(_t674 - 0x24);
												while(1) {
													L203:
													 *(_t674 - 0x4b4) =  *(_t674 - 0x4b4) - 1;
													__eflags =  *(_t674 - 0x4b4);
													if( *(_t674 - 0x4b4) <= 0) {
														break;
													}
													L204:
													_t535 = E0040D3B0(_t674 - 0x40);
													_t539 = E00419150(_t674 - 0x458,  *((intOrPtr*)(_t674 - 0x4b0)),  *((intOrPtr*)( *((intOrPtr*)(E0040D3B0(_t674 - 0x40))) + 0xac)), _t535);
													_t676 = _t676 + 0x10;
													 *(_t674 - 0x4b8) = _t539;
													__eflags =  *(_t674 - 0x4b8);
													if( *(_t674 - 0x4b8) > 0) {
														L206:
														E00423F90( *(_t674 - 0x458) & 0x0000ffff,  *((intOrPtr*)(_t674 + 8)), _t674 - 0x44c);
														_t676 = _t676 + 0xc;
														 *((intOrPtr*)(_t674 - 0x4b0)) =  *((intOrPtr*)(_t674 - 0x4b0)) +  *(_t674 - 0x4b8);
														continue;
													}
													L205:
													 *(_t674 - 0x44c) = 0xffffffff;
													break;
												}
												L207:
												L209:
												__eflags =  *(_t674 - 0x44c);
												if( *(_t674 - 0x44c) >= 0) {
													__eflags =  *(_t674 - 0x10) & 0x00000004;
													if(( *(_t674 - 0x10) & 0x00000004) != 0) {
														E00423FF0(0x20,  *((intOrPtr*)(_t674 - 0x4ac)),  *((intOrPtr*)(_t674 + 8)), _t674 - 0x44c);
														_t676 = _t676 + 0x10;
													}
												}
											}
											L212:
											__eflags =  *(_t674 - 0x20);
											if( *(_t674 - 0x20) != 0) {
												L0040C240( *(_t674 - 0x20), 2);
												_t676 = _t676 + 8;
												 *(_t674 - 0x20) = 0;
											}
											while(1) {
												L214:
												 *(_t674 - 0x454) =  *((intOrPtr*)( *((intOrPtr*)(_t674 + 0xc))));
												_t580 =  *(_t674 - 0x454) & 0x0000ffff;
												 *((intOrPtr*)(_t674 + 0xc)) =  *((intOrPtr*)(_t674 + 0xc)) + 2;
												if(( *(_t674 - 0x454) & 0x0000ffff) == 0 ||  *(_t674 - 0x44c) < 0) {
													break;
												} else {
													if(( *(_t674 - 0x454) & 0x0000ffff) < 0x20 || ( *(_t674 - 0x454) & 0x0000ffff) > 0x78) {
														 *(_t674 - 0x4d8) = 0;
													} else {
														 *(_t674 - 0x4d8) =  *(( *(_t674 - 0x454) & 0x0000ffff) + L"pecifier\", 0)") & 0xf;
													}
												}
												L7:
												 *(_t674 - 0x450) =  *(_t674 - 0x4d8);
												_t644 =  *(_t674 - 0x450) * 9;
												_t509 =  *(_t674 - 0x45c);
												_t588 = ( *(_t644 + _t509 + 0x4083d0) & 0x000000ff) >> 4;
												 *(_t674 - 0x45c) = ( *(_t644 + _t509 + 0x4083d0) & 0x000000ff) >> 4;
												if( *(_t674 - 0x45c) != 8) {
													L16:
													 *(_t674 - 0x4e0) =  *(_t674 - 0x45c);
													__eflags =  *(_t674 - 0x4e0) - 7;
													if( *(_t674 - 0x4e0) > 7) {
														continue;
													}
													L17:
													switch( *((intOrPtr*)( *(_t674 - 0x4e0) * 4 +  &M00423E84))) {
														case 0:
															L18:
															 *(_t674 - 0xc) = 1;
															E00423F90( *(_t674 - 0x454) & 0x0000ffff,  *((intOrPtr*)(_t674 + 8)), _t674 - 0x44c);
															_t676 = _t676 + 0xc;
															goto L214;
														case 1:
															L19:
															 *(__ebp - 0x2c) = 0;
															__ecx =  *(__ebp - 0x2c);
															 *(__ebp - 0x28) = __ecx;
															__edx =  *(__ebp - 0x28);
															 *(__ebp - 0x18) =  *(__ebp - 0x28);
															__eax =  *(__ebp - 0x18);
															 *(__ebp - 0x1c) =  *(__ebp - 0x18);
															 *(__ebp - 0x10) = 0;
															 *(__ebp - 0x30) = 0xffffffff;
															 *(__ebp - 0xc) = 0;
															goto L214;
														case 2:
															L20:
															__ecx =  *(__ebp - 0x454) & 0x0000ffff;
															 *(__ebp - 0x4e4) = __ecx;
															 *(__ebp - 0x4e4) =  *(__ebp - 0x4e4) - 0x20;
															 *(__ebp - 0x4e4) =  *(__ebp - 0x4e4) - 0x20;
															__eflags =  *(__ebp - 0x4e4) - 0x10;
															if( *(__ebp - 0x4e4) > 0x10) {
																goto L27;
															}
															L21:
															_t58 =  *(__ebp - 0x4e4) + 0x423ebc; // 0x498d04
															__ecx =  *_t58 & 0x000000ff;
															switch( *((intOrPtr*)(__ecx * 4 +  &M00423EA4))) {
																case 0:
																	goto L24;
																case 1:
																	goto L25;
																case 2:
																	goto L23;
																case 3:
																	goto L22;
																case 4:
																	goto L26;
																case 5:
																	goto L27;
															}
														case 3:
															L28:
															__ecx =  *(__ebp - 0x454) & 0x0000ffff;
															__eflags = ( *(__ebp - 0x454) & 0x0000ffff) - 0x2a;
															if(( *(__ebp - 0x454) & 0x0000ffff) != 0x2a) {
																__edx =  *(__ebp - 0x18);
																__edx =  *(__ebp - 0x18) * 0xa;
																__eflags = __edx;
																_t82 = ( *(__ebp - 0x454) & 0x0000ffff) - 0x30; // -48
																__ecx = __edx + _t82;
																 *(__ebp - 0x18) = __ecx;
															} else {
																__edx = __ebp + 0x14;
																 *(__ebp - 0x18) = E0041C290(__ebp + 0x14);
																__eflags =  *(__ebp - 0x18);
																if( *(__ebp - 0x18) < 0) {
																	__eax =  *(__ebp - 0x10);
																	__eax =  *(__ebp - 0x10) | 0x00000004;
																	__eflags = __eax;
																	 *(__ebp - 0x10) = __eax;
																	__ecx =  *(__ebp - 0x18);
																	__ecx =  ~( *(__ebp - 0x18));
																	 *(__ebp - 0x18) = __ecx;
																}
															}
															L33:
															goto L214;
														case 4:
															L34:
															 *(__ebp - 0x30) = 0;
															goto L214;
														case 5:
															L35:
															__edx =  *(__ebp - 0x454) & 0x0000ffff;
															__eflags = ( *(__ebp - 0x454) & 0x0000ffff) - 0x2a;
															if(( *(__ebp - 0x454) & 0x0000ffff) != 0x2a) {
																__ecx =  *(__ebp - 0x30);
																__ecx =  *(__ebp - 0x30) * 0xa;
																__eflags = __ecx;
																_t93 = ( *(__ebp - 0x454) & 0x0000ffff) - 0x30; // -48
																__eax = __ecx + _t93;
																 *(__ebp - 0x30) = __ecx + _t93;
															} else {
																__eax = __ebp + 0x14;
																 *(__ebp - 0x30) = E0041C290(__ebp + 0x14);
																__eflags =  *(__ebp - 0x30);
																if( *(__ebp - 0x30) < 0) {
																	 *(__ebp - 0x30) = 0xffffffff;
																}
															}
															goto L214;
														case 6:
															L41:
															__ecx =  *(__ebp - 0x454) & 0x0000ffff;
															 *(__ebp - 0x4e8) = __ecx;
															 *(__ebp - 0x4e8) =  *(__ebp - 0x4e8) - 0x49;
															 *(__ebp - 0x4e8) =  *(__ebp - 0x4e8) - 0x49;
															__eflags =  *(__ebp - 0x4e8) - 0x2e;
															if( *(__ebp - 0x4e8) > 0x2e) {
																L64:
																goto L214;
															}
															L42:
															_t101 =  *(__ebp - 0x4e8) + 0x423ee4; // 0x36f19003
															__ecx =  *_t101 & 0x000000ff;
															switch( *((intOrPtr*)(__ecx * 4 +  &M00423ED0))) {
																case 0:
																	L47:
																	__ecx =  *(__ebp + 0xc);
																	__edx =  *( *(__ebp + 0xc)) & 0x0000ffff;
																	__eflags = ( *( *(__ebp + 0xc)) & 0x0000ffff) - 0x36;
																	if(( *( *(__ebp + 0xc)) & 0x0000ffff) != 0x36) {
																		L50:
																		__ecx =  *(__ebp + 0xc);
																		__edx =  *( *(__ebp + 0xc)) & 0x0000ffff;
																		__eflags = ( *( *(__ebp + 0xc)) & 0x0000ffff) - 0x33;
																		if(( *( *(__ebp + 0xc)) & 0x0000ffff) != 0x33) {
																			L53:
																			__ecx =  *(__ebp + 0xc);
																			__edx =  *__ecx & 0x0000ffff;
																			__eflags = ( *__ecx & 0x0000ffff) - 0x64;
																			if(( *__ecx & 0x0000ffff) == 0x64) {
																				L59:
																				L61:
																				goto L64;
																			}
																			L54:
																			__eax =  *(__ebp + 0xc);
																			__ecx =  *( *(__ebp + 0xc)) & 0x0000ffff;
																			__eflags = __ecx - 0x69;
																			if(__ecx == 0x69) {
																				goto L59;
																			}
																			L55:
																			__edx =  *(__ebp + 0xc);
																			__eax =  *( *(__ebp + 0xc)) & 0x0000ffff;
																			__eflags = ( *( *(__ebp + 0xc)) & 0x0000ffff) - 0x6f;
																			if(( *( *(__ebp + 0xc)) & 0x0000ffff) == 0x6f) {
																				goto L59;
																			}
																			L56:
																			__ecx =  *(__ebp + 0xc);
																			__edx =  *__ecx & 0x0000ffff;
																			__eflags = ( *__ecx & 0x0000ffff) - 0x75;
																			if(( *__ecx & 0x0000ffff) == 0x75) {
																				goto L59;
																			}
																			L57:
																			__eax =  *(__ebp + 0xc);
																			__ecx =  *( *(__ebp + 0xc)) & 0x0000ffff;
																			__eflags = __ecx - 0x78;
																			if(__ecx == 0x78) {
																				goto L59;
																			}
																			L58:
																			__edx =  *(__ebp + 0xc);
																			__eax =  *( *(__ebp + 0xc)) & 0x0000ffff;
																			__eflags = ( *( *(__ebp + 0xc)) & 0x0000ffff) - 0x58;
																			if(( *( *(__ebp + 0xc)) & 0x0000ffff) != 0x58) {
																				 *(__ebp - 0x45c) = 0;
																				goto L18;
																			}
																			goto L59;
																		}
																		L51:
																		__eax =  *(__ebp + 0xc);
																		__ecx =  *( *(__ebp + 0xc) + 2) & 0x0000ffff;
																		__eflags = __ecx - 0x32;
																		if(__ecx != 0x32) {
																			goto L53;
																		} else {
																			 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
																			 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0xffff7fff;
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0xffff7fff;
																			goto L61;
																		}
																	}
																	L48:
																	__eax =  *(__ebp + 0xc);
																	__ecx =  *( *(__ebp + 0xc) + 2) & 0x0000ffff;
																	__eflags = __ecx - 0x34;
																	if(__ecx != 0x34) {
																		goto L50;
																	} else {
																		 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
																		 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
																		 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00008000;
																		 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00008000;
																		goto L61;
																	}
																case 1:
																	L62:
																	__ecx =  *(__ebp - 0x10);
																	__ecx =  *(__ebp - 0x10) | 0x00000020;
																	 *(__ebp - 0x10) = __ecx;
																	goto L64;
																case 2:
																	L43:
																	__edx =  *(__ebp + 0xc);
																	__eax =  *( *(__ebp + 0xc)) & 0x0000ffff;
																	__eflags = ( *( *(__ebp + 0xc)) & 0x0000ffff) - 0x6c;
																	if(( *( *(__ebp + 0xc)) & 0x0000ffff) != 0x6c) {
																		__eax =  *(__ebp - 0x10);
																		__eax =  *(__ebp - 0x10) | 0x00000010;
																		__eflags = __eax;
																		 *(__ebp - 0x10) = __eax;
																	} else {
																		__ecx =  *(__ebp + 0xc);
																		__ecx =  *(__ebp + 0xc) + 2;
																		 *(__ebp + 0xc) = __ecx;
																		 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00001000;
																		 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00001000;
																	}
																	goto L64;
																case 3:
																	L63:
																	__edx =  *(__ebp - 0x10);
																	__edx =  *(__ebp - 0x10) | 0x00000800;
																	__eflags = __edx;
																	 *(__ebp - 0x10) = __edx;
																	goto L64;
																case 4:
																	goto L64;
															}
														case 7:
															L65:
															__eax =  *(__ebp - 0x454) & 0x0000ffff;
															 *(__ebp - 0x4ec) =  *(__ebp - 0x454) & 0x0000ffff;
															__ecx =  *(__ebp - 0x4ec);
															__ecx =  *(__ebp - 0x4ec) - 0x41;
															 *(__ebp - 0x4ec) = __ecx;
															__eflags =  *(__ebp - 0x4ec) - 0x37;
															if( *(__ebp - 0x4ec) > 0x37) {
																while(1) {
																	L187:
																	__eflags =  *(_t674 - 0x28);
																	if( *(_t674 - 0x28) != 0) {
																		goto L212;
																	}
																	goto L188;
																}
															}
															L66:
															_t142 =  *(__ebp - 0x4ec) + 0x423f50; // 0xcccccc0d
															__eax =  *_t142 & 0x000000ff;
															switch( *((intOrPtr*)(( *_t142 & 0x000000ff) * 4 +  &M00423F14))) {
																case 0:
																	L120:
																	 *(__ebp - 0x2c) = 1;
																	 *(__ebp - 0x454) & 0x0000ffff = ( *(__ebp - 0x454) & 0x0000ffff) + 0x20;
																	__eflags = ( *(__ebp - 0x454) & 0x0000ffff) + 0x20;
																	 *(__ebp - 0x454) = __ax;
																	goto L121;
																case 1:
																	L67:
																	 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000830;
																	__eflags =  *(__ebp - 0x10) & 0x00000830;
																	if(( *(__ebp - 0x10) & 0x00000830) == 0) {
																		__edx =  *(__ebp - 0x10);
																		__edx =  *(__ebp - 0x10) | 0x00000020;
																		__eflags = __edx;
																		 *(__ebp - 0x10) = __edx;
																	}
																	goto L69;
																case 2:
																	L82:
																	 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000830;
																	__eflags =  *(__ebp - 0x10) & 0x00000830;
																	if(( *(__ebp - 0x10) & 0x00000830) == 0) {
																		__ecx =  *(__ebp - 0x10);
																		__ecx =  *(__ebp - 0x10) | 0x00000020;
																		__eflags = __ecx;
																		 *(__ebp - 0x10) = __ecx;
																	}
																	goto L84;
																case 3:
																	L144:
																	 *(__ebp - 0x460) = 7;
																	goto L146;
																case 4:
																	L75:
																	__eax = __ebp + 0x14;
																	 *(__ebp - 0x474) = E0041C290(__ebp + 0x14);
																	__eflags =  *(__ebp - 0x474);
																	if( *(__ebp - 0x474) == 0) {
																		L77:
																		__edx =  *0x60b4f0; // 0x407424
																		 *(__ebp - 4) = __edx;
																		__eax =  *(__ebp - 4);
																		 *(__ebp - 0x24) = E0040DC40( *(__ebp - 4));
																		L81:
																		goto L187;
																	}
																	L76:
																	__ecx =  *(__ebp - 0x474);
																	__eflags =  *(__ecx + 4);
																	if( *(__ecx + 4) != 0) {
																		 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000800;
																		__eflags =  *(__ebp - 0x10) & 0x00000800;
																		if(( *(__ebp - 0x10) & 0x00000800) == 0) {
																			 *(__ebp - 0xc) = 0;
																			__edx =  *(__ebp - 0x474);
																			__eax =  *(__edx + 4);
																			 *(__ebp - 4) =  *(__edx + 4);
																			__ecx =  *(__ebp - 0x474);
																			__edx =  *__ecx;
																			 *(__ebp - 0x24) =  *__ecx;
																		} else {
																			__edx =  *(__ebp - 0x474);
																			__eax =  *(__edx + 4);
																			 *(__ebp - 4) =  *(__edx + 4);
																			__ecx =  *(__ebp - 0x474);
																			__eax =  *__ecx;
																			asm("cdq");
																			 *__ecx - __edx =  *__ecx - __edx >> 1;
																			 *(__ebp - 0x24) =  *__ecx - __edx >> 1;
																			 *(__ebp - 0xc) = 1;
																		}
																		goto L81;
																	}
																	goto L77;
																case 5:
																	L121:
																	 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000040;
																	 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000040;
																	__edx = __ebp - 0x448;
																	 *(__ebp - 4) = __ebp - 0x448;
																	 *(__ebp - 0x44) = 0x200;
																	__eflags =  *(__ebp - 0x30);
																	if( *(__ebp - 0x30) >= 0) {
																		L123:
																		__eflags =  *(__ebp - 0x30);
																		if( *(__ebp - 0x30) != 0) {
																			L126:
																			__eflags =  *(__ebp - 0x30) - 0x200;
																			if( *(__ebp - 0x30) > 0x200) {
																				 *(__ebp - 0x30) = 0x200;
																			}
																			L128:
																			__eflags =  *(__ebp - 0x30) - 0xa3;
																			if( *(__ebp - 0x30) > 0xa3) {
																				__ecx =  *(__ebp - 0x30);
																				__ecx =  *(__ebp - 0x30) + 0x15d;
																				 *(__ebp - 0x20) = L0040B5C0( *(__ebp - 0x30) + 0x15d,  *(__ebp - 0x30) + 0x15d, 2, "f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c", 0x6da);
																				__eflags =  *(__ebp - 0x20);
																				if( *(__ebp - 0x20) == 0) {
																					 *(__ebp - 0x30) = 0xa3;
																				} else {
																					__edx =  *(__ebp - 0x20);
																					 *(__ebp - 4) =  *(__ebp - 0x20);
																					 *(__ebp - 0x30) =  *(__ebp - 0x30) + 0x15d;
																					 *(__ebp - 0x44) =  *(__ebp - 0x30) + 0x15d;
																				}
																			}
																			 *(__ebp + 0x14) =  *(__ebp + 0x14) + 8;
																			 *(__ebp + 0x14) =  *(__ebp + 0x14) + 8;
																			__edx =  *(__ebp + 0x14);
																			__eax =  *(__edx - 8);
																			__ecx =  *(__edx - 4);
																			 *(__ebp - 0x490) =  *(__edx - 8);
																			 *(__ebp - 0x48c) =  *(__edx - 4);
																			__ecx = __ebp - 0x40;
																			_push(E0040D3B0(__ebp - 0x40));
																			__edx =  *(__ebp - 0x2c);
																			_push( *(__ebp - 0x2c));
																			__eax =  *(__ebp - 0x30);
																			_push( *(__ebp - 0x30));
																			__ecx =  *(__ebp - 0x454);
																			_push( *(__ebp - 0x454));
																			__edx =  *(__ebp - 0x44);
																			_push( *(__ebp - 0x44));
																			__eax =  *(__ebp - 4);
																			_push( *(__ebp - 4));
																			__ecx = __ebp - 0x490;
																			_push(__ebp - 0x490);
																			__edx =  *0x60b3cc; // 0x7e8c4bdb
																			E00410200(__edx) =  *__eax();
																			__esp = __esp + 0x1c;
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000080;
																			__eflags =  *(__ebp - 0x10) & 0x00000080;
																			if(( *(__ebp - 0x10) & 0x00000080) != 0) {
																				__eflags =  *(__ebp - 0x30);
																				if( *(__ebp - 0x30) == 0) {
																					__ecx = __ebp - 0x40;
																					_push(E0040D3B0(__ebp - 0x40));
																					__ecx =  *(__ebp - 4);
																					_push( *(__ebp - 4));
																					__edx =  *0x60b3d8; // 0x7e8c4bdb
																					E00410200(__edx) =  *__eax();
																					__esp = __esp + 8;
																				}
																			}
																			__eax =  *(__ebp - 0x454) & 0x0000ffff;
																			__eflags = ( *(__ebp - 0x454) & 0x0000ffff) - 0x67;
																			if(( *(__ebp - 0x454) & 0x0000ffff) == 0x67) {
																				 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000080;
																				__eflags =  *(__ebp - 0x10) & 0x00000080;
																				if(( *(__ebp - 0x10) & 0x00000080) == 0) {
																					__ecx = __ebp - 0x40;
																					_push(E0040D3B0(__ebp - 0x40));
																					__edx =  *(__ebp - 4);
																					_push( *(__ebp - 4));
																					__eax =  *0x60b3d4; // 0x7e8c4bdb
																					__eax =  *__eax();
																					__esp = __esp + 8;
																				}
																			}
																			__ecx =  *(__ebp - 4);
																			__edx =  *( *(__ebp - 4));
																			__eflags =  *( *(__ebp - 4)) - 0x2d;
																			if( *( *(__ebp - 4)) == 0x2d) {
																				 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000100;
																				 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000100;
																				__ecx =  *(__ebp - 4);
																				__ecx =  *(__ebp - 4) + 1;
																				__eflags = __ecx;
																				 *(__ebp - 4) = __ecx;
																			}
																			__edx =  *(__ebp - 4);
																			 *(__ebp - 0x24) = E0040DC40( *(__ebp - 4));
																			do {
																				L187:
																				__eflags =  *(_t674 - 0x28);
																				if( *(_t674 - 0x28) != 0) {
																					goto L212;
																				}
																				goto L188;
																			} while ( *(__ebp - 0x4ec) > 0x37);
																			goto L66;
																		}
																		L124:
																		__eax =  *(__ebp - 0x454) & 0x0000ffff;
																		__eflags = ( *(__ebp - 0x454) & 0x0000ffff) - 0x67;
																		if(( *(__ebp - 0x454) & 0x0000ffff) != 0x67) {
																			goto L126;
																		}
																		L125:
																		 *(__ebp - 0x30) = 1;
																		goto L128;
																	}
																	L122:
																	 *(__ebp - 0x30) = 6;
																	goto L128;
																case 6:
																	L69:
																	 *(__ebp - 0xc) = 1;
																	__ebp + 0x14 = E0041C290(__ebp + 0x14);
																	 *(__ebp - 0x458) = __ax;
																	__ecx =  *(__ebp - 0x10);
																	__ecx =  *(__ebp - 0x10) & 0x00000020;
																	__eflags = __ecx;
																	if(__ecx == 0) {
																		 *(__ebp - 0x448) =  *(__ebp - 0x458);
																	} else {
																		 *(__ebp - 0x458) & 0x0000ffff =  *(__ebp - 0x458) & 0xff;
																		 *(__ebp - 0x470) = __dl;
																		 *((char*)(__ebp - 0x46f)) = 0;
																		__ecx = __ebp - 0x40;
																		__eax = E0040D3B0(__ebp - 0x40);
																		__ecx = __ebp - 0x40;
																		E0040D3B0(__ebp - 0x40) =  *__eax;
																		__ecx =  *(__ebp - 0x448 + 0xac);
																		__edx = __ebp - 0x470;
																		__eax = __ebp - 0x448;
																		__eax = E00419150(__ebp - 0x448, __ebp - 0x470,  *(__ebp - 0x448 + 0xac), __ebp - 0x448);
																		__eflags = __eax;
																		if(__eax < 0) {
																			 *(__ebp - 0x28) = 1;
																		}
																	}
																	__edx = __ebp - 0x448;
																	 *(__ebp - 4) = __ebp - 0x448;
																	 *(__ebp - 0x24) = 1;
																	while(1) {
																		L187:
																		__eflags =  *(_t674 - 0x28);
																		if( *(_t674 - 0x28) != 0) {
																			goto L212;
																		}
																		goto L188;
																	}
																case 7:
																	L141:
																	 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000040;
																	 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000040;
																	 *((intOrPtr*)(__ebp - 8)) = 0xa;
																	L150:
																	__eflags =  *(_t674 - 0x10) & 0x00008000;
																	if(( *(_t674 - 0x10) & 0x00008000) == 0) {
																		_t623 =  *(_t674 - 0x10) & 0x00001000;
																		__eflags = _t623;
																		if(_t623 == 0) {
																			__eflags =  *(_t674 - 0x10) & 0x00000020;
																			if(( *(_t674 - 0x10) & 0x00000020) == 0) {
																				_t625 =  *(_t674 - 0x10) & 0x00000040;
																				__eflags = _t625;
																				if(_t625 == 0) {
																					_t483 = E0041C290(_t674 + 0x14);
																					_t676 = _t676 + 4;
																					__eflags = 0;
																					 *(_t674 - 0x4a0) = _t483;
																					 *(_t674 - 0x49c) = 0;
																				} else {
																					_t556 = E0041C290(_t674 + 0x14);
																					_t676 = _t676 + 4;
																					asm("cdq");
																					 *(_t674 - 0x4a0) = _t556;
																					 *(_t674 - 0x49c) = _t625;
																				}
																			} else {
																				_t671 =  *(_t674 - 0x10) & 0x00000040;
																				__eflags = _t671;
																				if(_t671 == 0) {
																					_t557 = E0041C290(_t674 + 0x14);
																					_t676 = _t676 + 4;
																					asm("cdq");
																					 *(_t674 - 0x4a0) = _t557 & 0x0000ffff;
																					 *(_t674 - 0x49c) = _t671;
																				} else {
																					_t560 = E0041C290(_t674 + 0x14);
																					_t676 = _t676 + 4;
																					asm("cdq");
																					 *(_t674 - 0x4a0) = _t560;
																					 *(_t674 - 0x49c) = _t671;
																				}
																			}
																		} else {
																			_t563 = E0041C2B0(_t674 + 0x14);
																			_t676 = _t676 + 4;
																			 *(_t674 - 0x4a0) = _t563;
																			 *(_t674 - 0x49c) = _t623;
																		}
																	} else {
																		_t564 = E0041C2B0(_t674 + 0x14);
																		_t676 = _t676 + 4;
																		 *(_t674 - 0x4a0) = _t564;
																		 *(_t674 - 0x49c) = _t621;
																	}
																	__eflags =  *(_t674 - 0x10) & 0x00000040;
																	if(( *(_t674 - 0x10) & 0x00000040) == 0) {
																		goto L167;
																	}
																case 8:
																	L106:
																	__eax = __ebp + 0x14;
																	 *(__ebp - 0x484) = E0041C290(__ebp + 0x14);
																	__eax = E00420F80();
																	__eflags = __eax;
																	if(__eax != 0) {
																		L116:
																		__ecx =  *(__ebp - 0x10);
																		__ecx =  *(__ebp - 0x10) & 0x00000020;
																		__eflags = __ecx;
																		if(__ecx == 0) {
																			__ecx =  *(__ebp - 0x484);
																			__edx =  *(__ebp - 0x44c);
																			 *__ecx =  *(__ebp - 0x44c);
																		} else {
																			__edx =  *(__ebp - 0x484);
																			__ax =  *(__ebp - 0x44c);
																			 *( *(__ebp - 0x484)) = __ax;
																		}
																		 *(__ebp - 0x28) = 1;
																		while(1) {
																			L187:
																			__eflags =  *(_t674 - 0x28);
																			if( *(_t674 - 0x28) != 0) {
																				goto L212;
																			}
																			goto L188;
																		}
																	}
																	L107:
																	__ecx = 0;
																	__eflags = 0;
																	if(0 == 0) {
																		 *(__ebp - 0x4f4) = 0;
																	} else {
																		 *(__ebp - 0x4f4) = 1;
																	}
																	__edx =  *(__ebp - 0x4f4);
																	 *(__ebp - 0x488) =  *(__ebp - 0x4f4);
																	__eflags =  *(__ebp - 0x488);
																	if( *(__ebp - 0x488) == 0) {
																		_push(L"(\"\'n\' format specifier disabled\", 0)");
																		_push(0);
																		_push(0x695);
																		_push(L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c");
																		_push(2);
																		__eax = L0040E1A0();
																		__esp = __esp + 0x14;
																		__eflags = __eax - 1;
																		if(__eax == 1) {
																			asm("int3");
																		}
																	}
																	__eflags =  *(__ebp - 0x488);
																	if( *(__ebp - 0x488) != 0) {
																		L115:
																		while(1) {
																			L187:
																			__eflags =  *(_t674 - 0x28);
																			if( *(_t674 - 0x28) != 0) {
																				goto L212;
																			}
																			goto L188;
																		}
																	} else {
																		L114:
																		 *((intOrPtr*)(L0040EC70(__ecx))) = 0x16;
																		__eax = E00411A50(__ebx, __ecx, __edi, __esi, L"(\"\'n\' format specifier disabled\", 0)", L"_woutput_s_l", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c", 0x695, 0);
																		 *(__ebp - 0x4cc) = 0xffffffff;
																		__ecx = __ebp - 0x40;
																		__eax = E0040D380(__ecx);
																		__eax =  *(__ebp - 0x4cc);
																		goto L225;
																	}
																case 9:
																	goto L0;
																case 0xa:
																	L143:
																	 *(__ebp - 0x30) = 8;
																	goto L144;
																case 0xb:
																	L84:
																	__eflags =  *(__ebp - 0x30) - 0xffffffff;
																	if( *(__ebp - 0x30) != 0xffffffff) {
																		__edx =  *(__ebp - 0x30);
																		 *(__ebp - 0x4f0) =  *(__ebp - 0x30);
																	} else {
																		 *(__ebp - 0x4f0) = 0x7fffffff;
																	}
																	__eax =  *(__ebp - 0x4f0);
																	 *(__ebp - 0x47c) =  *(__ebp - 0x4f0);
																	__ecx = __ebp + 0x14;
																	 *(__ebp - 4) = E0041C290(__ebp + 0x14);
																	 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000020;
																	__eflags =  *(__ebp - 0x10) & 0x00000020;
																	if(( *(__ebp - 0x10) & 0x00000020) == 0) {
																		L98:
																		__eflags =  *(__ebp - 4);
																		if( *(__ebp - 4) == 0) {
																			__ecx =  *0x60b4f4; // 0x407414
																			 *(__ebp - 4) = __ecx;
																		}
																		 *(__ebp - 0xc) = 1;
																		__edx =  *(__ebp - 4);
																		 *(__ebp - 0x480) =  *(__ebp - 4);
																		while(1) {
																			L101:
																			__eax =  *(__ebp - 0x47c);
																			__ecx =  *(__ebp - 0x47c);
																			__ecx =  *(__ebp - 0x47c) - 1;
																			 *(__ebp - 0x47c) = __ecx;
																			__eflags =  *(__ebp - 0x47c);
																			if( *(__ebp - 0x47c) == 0) {
																				break;
																			}
																			L102:
																			__edx =  *(__ebp - 0x480);
																			__eax =  *( *(__ebp - 0x480)) & 0x0000ffff;
																			__eflags =  *( *(__ebp - 0x480)) & 0x0000ffff;
																			if(( *( *(__ebp - 0x480)) & 0x0000ffff) == 0) {
																				break;
																			}
																			L103:
																			 *(__ebp - 0x480) =  *(__ebp - 0x480) + 2;
																			 *(__ebp - 0x480) =  *(__ebp - 0x480) + 2;
																		}
																		L104:
																		__edx =  *(__ebp - 0x480);
																		__edx =  *(__ebp - 0x480) -  *(__ebp - 4);
																		__eflags = __edx;
																		 *(__ebp - 0x24) = __edx;
																		goto L105;
																	} else {
																		L88:
																		__eflags =  *(__ebp - 4);
																		if( *(__ebp - 4) == 0) {
																			__eax =  *0x60b4f0; // 0x407424
																			 *(__ebp - 4) = __eax;
																		}
																		__ecx =  *(__ebp - 4);
																		 *(__ebp - 0x478) = __ecx;
																		 *(__ebp - 0x24) = 0;
																		while(1) {
																			L92:
																			__eax =  *(__ebp - 0x24);
																			__eflags =  *(__ebp - 0x24) -  *(__ebp - 0x47c);
																			if( *(__ebp - 0x24) >=  *(__ebp - 0x47c)) {
																				break;
																			}
																			L93:
																			__ecx =  *(__ebp - 0x478);
																			__edx =  *__ecx;
																			__eflags =  *__ecx;
																			if( *__ecx == 0) {
																				break;
																			}
																			L94:
																			__ecx = __ebp - 0x40;
																			E0040D3B0(__ebp - 0x40) =  *(__ebp - 0x478);
																			__ecx =  *( *(__ebp - 0x478)) & 0x000000ff;
																			__eax = E00419390( *( *(__ebp - 0x478)) & 0x000000ff,  *(__ebp - 0x478));
																			__eflags = __eax;
																			if(__eax != 0) {
																				__edx =  *(__ebp - 0x478);
																				__edx =  *(__ebp - 0x478) + 1;
																				__eflags = __edx;
																				 *(__ebp - 0x478) = __edx;
																			}
																			 *(__ebp - 0x478) =  *(__ebp - 0x478) + 1;
																			 *(__ebp - 0x478) =  *(__ebp - 0x478) + 1;
																			__edx =  *(__ebp - 0x24);
																			__edx =  *(__ebp - 0x24) + 1;
																			__eflags = __edx;
																			 *(__ebp - 0x24) = __edx;
																		}
																		L97:
																		L105:
																		while(1) {
																			L187:
																			__eflags =  *(_t674 - 0x28);
																			if( *(_t674 - 0x28) != 0) {
																				goto L212;
																			}
																			goto L188;
																		}
																	}
																case 0xc:
																	L142:
																	 *((intOrPtr*)(__ebp - 8)) = 0xa;
																	while(1) {
																		L150:
																		__eflags =  *(_t674 - 0x10) & 0x00008000;
																		if(( *(_t674 - 0x10) & 0x00008000) == 0) {
																			_t623 =  *(_t674 - 0x10) & 0x00001000;
																			__eflags = _t623;
																			if(_t623 == 0) {
																				__eflags =  *(_t674 - 0x10) & 0x00000020;
																				if(( *(_t674 - 0x10) & 0x00000020) == 0) {
																					_t625 =  *(_t674 - 0x10) & 0x00000040;
																					__eflags = _t625;
																					if(_t625 == 0) {
																						_t483 = E0041C290(_t674 + 0x14);
																						_t676 = _t676 + 4;
																						__eflags = 0;
																						 *(_t674 - 0x4a0) = _t483;
																						 *(_t674 - 0x49c) = 0;
																					} else {
																						_t556 = E0041C290(_t674 + 0x14);
																						_t676 = _t676 + 4;
																						asm("cdq");
																						 *(_t674 - 0x4a0) = _t556;
																						 *(_t674 - 0x49c) = _t625;
																					}
																				} else {
																					_t671 =  *(_t674 - 0x10) & 0x00000040;
																					__eflags = _t671;
																					if(_t671 == 0) {
																						_t557 = E0041C290(_t674 + 0x14);
																						_t676 = _t676 + 4;
																						asm("cdq");
																						 *(_t674 - 0x4a0) = _t557 & 0x0000ffff;
																						 *(_t674 - 0x49c) = _t671;
																					} else {
																						_t560 = E0041C290(_t674 + 0x14);
																						_t676 = _t676 + 4;
																						asm("cdq");
																						 *(_t674 - 0x4a0) = _t560;
																						 *(_t674 - 0x49c) = _t671;
																					}
																				}
																			} else {
																				_t563 = E0041C2B0(_t674 + 0x14);
																				_t676 = _t676 + 4;
																				 *(_t674 - 0x4a0) = _t563;
																				 *(_t674 - 0x49c) = _t623;
																			}
																		} else {
																			_t564 = E0041C2B0(_t674 + 0x14);
																			_t676 = _t676 + 4;
																			 *(_t674 - 0x4a0) = _t564;
																			 *(_t674 - 0x49c) = _t621;
																		}
																		__eflags =  *(_t674 - 0x10) & 0x00000040;
																		if(( *(_t674 - 0x10) & 0x00000040) == 0) {
																			goto L167;
																		}
																		goto L163;
																	}
																case 0xd:
																	L145:
																	 *(__ebp - 0x460) = 0x27;
																	L146:
																	 *((intOrPtr*)(__ebp - 8)) = 0x10;
																	 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000080;
																	__eflags =  *(__ebp - 0x10) & 0x00000080;
																	if(( *(__ebp - 0x10) & 0x00000080) != 0) {
																		__edx = 0x30;
																		 *((short*)(__ebp - 0x14)) = __dx;
																		 *(__ebp - 0x460) =  *(__ebp - 0x460) + 0x51;
																		__eflags =  *(__ebp - 0x460) + 0x51;
																		 *(__ebp - 0x12) = __ax;
																		 *(__ebp - 0x1c) = 2;
																	}
																	while(1) {
																		L150:
																		__eflags =  *(_t674 - 0x10) & 0x00008000;
																		if(( *(_t674 - 0x10) & 0x00008000) == 0) {
																			_t623 =  *(_t674 - 0x10) & 0x00001000;
																			__eflags = _t623;
																			if(_t623 == 0) {
																				__eflags =  *(_t674 - 0x10) & 0x00000020;
																				if(( *(_t674 - 0x10) & 0x00000020) == 0) {
																					_t625 =  *(_t674 - 0x10) & 0x00000040;
																					__eflags = _t625;
																					if(_t625 == 0) {
																						_t483 = E0041C290(_t674 + 0x14);
																						_t676 = _t676 + 4;
																						__eflags = 0;
																						 *(_t674 - 0x4a0) = _t483;
																						 *(_t674 - 0x49c) = 0;
																					} else {
																						_t556 = E0041C290(_t674 + 0x14);
																						_t676 = _t676 + 4;
																						asm("cdq");
																						 *(_t674 - 0x4a0) = _t556;
																						 *(_t674 - 0x49c) = _t625;
																					}
																				} else {
																					_t671 =  *(_t674 - 0x10) & 0x00000040;
																					__eflags = _t671;
																					if(_t671 == 0) {
																						_t557 = E0041C290(_t674 + 0x14);
																						_t676 = _t676 + 4;
																						asm("cdq");
																						 *(_t674 - 0x4a0) = _t557 & 0x0000ffff;
																						 *(_t674 - 0x49c) = _t671;
																					} else {
																						_t560 = E0041C290(_t674 + 0x14);
																						_t676 = _t676 + 4;
																						asm("cdq");
																						 *(_t674 - 0x4a0) = _t560;
																						 *(_t674 - 0x49c) = _t671;
																					}
																				}
																			} else {
																				_t563 = E0041C2B0(_t674 + 0x14);
																				_t676 = _t676 + 4;
																				 *(_t674 - 0x4a0) = _t563;
																				 *(_t674 - 0x49c) = _t623;
																			}
																		} else {
																			_t564 = E0041C2B0(_t674 + 0x14);
																			_t676 = _t676 + 4;
																			 *(_t674 - 0x4a0) = _t564;
																			 *(_t674 - 0x49c) = _t621;
																		}
																		__eflags =  *(_t674 - 0x10) & 0x00000040;
																		if(( *(_t674 - 0x10) & 0x00000040) == 0) {
																			goto L167;
																		}
																		goto L163;
																	}
																case 0xe:
																	while(1) {
																		L187:
																		__eflags =  *(_t674 - 0x28);
																		if( *(_t674 - 0x28) != 0) {
																			goto L212;
																		}
																		goto L188;
																	}
															}
														case 8:
															L24:
															__ecx =  *(__ebp - 0x10);
															__ecx =  *(__ebp - 0x10) | 0x00000002;
															 *(__ebp - 0x10) = __ecx;
															goto L27;
														case 9:
															L25:
															 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000080;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000080;
															goto L27;
														case 0xa:
															L23:
															 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000001;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000001;
															goto L27;
														case 0xb:
															L22:
															 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000004;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000004;
															goto L27;
														case 0xc:
															L26:
															__eax =  *(__ebp - 0x10);
															__eax =  *(__ebp - 0x10) | 0x00000008;
															__eflags = __eax;
															 *(__ebp - 0x10) = __eax;
															goto L27;
														case 0xd:
															L27:
															goto L214;
													}
												} else {
													_t642 = 0;
													if(0 == 0) {
														 *(_t674 - 0x4dc) = 0;
													} else {
														 *(_t674 - 0x4dc) = 1;
													}
													 *(_t674 - 0x46c) =  *(_t674 - 0x4dc);
													if( *(_t674 - 0x46c) == 0) {
														_push(L"(\"Incorrect format specifier\", 0)");
														_push(0);
														_push(0x460);
														_push(L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c");
														_push(2);
														_t517 = L0040E1A0();
														_t676 = _t676 + 0x14;
														if(_t517 == 1) {
															asm("int3");
														}
													}
													L14:
													if( *(_t674 - 0x46c) != 0) {
														goto L16;
													} else {
														 *((intOrPtr*)(L0040EC70(_t588))) = 0x16;
														E00411A50(_t565, _t588, _t672, _t673, L"(\"Incorrect format specifier\", 0)", L"_woutput_s_l", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c", 0x460, 0);
														 *(_t674 - 0x4c8) = 0xffffffff;
														E0040D380(_t674 - 0x40);
														_t502 =  *(_t674 - 0x4c8);
														L225:
														return E00416CA0(_t502, _t565,  *(_t674 - 0x48) ^ _t674, _t642, _t672, _t673);
													}
												}
											}
											L215:
											__eflags =  *(_t674 - 0x45c);
											if( *(_t674 - 0x45c) == 0) {
												L218:
												 *(_t674 - 0x4f8) = 1;
												L219:
												_t642 =  *(_t674 - 0x4f8);
												 *(_t674 - 0x4bc) =  *(_t674 - 0x4f8);
												__eflags =  *(_t674 - 0x4bc);
												if( *(_t674 - 0x4bc) == 0) {
													_push(L"((state == ST_NORMAL) || (state == ST_TYPE))");
													_push(0);
													_push(0x8f5);
													_push(L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c");
													_push(2);
													_t507 = L0040E1A0();
													_t676 = _t676 + 0x14;
													__eflags = _t507 - 1;
													if(_t507 == 1) {
														asm("int3");
													}
												}
												__eflags =  *(_t674 - 0x4bc);
												if( *(_t674 - 0x4bc) != 0) {
													 *(_t674 - 0x4d4) =  *(_t674 - 0x44c);
													E0040D380(_t674 - 0x40);
													_t502 =  *(_t674 - 0x4d4);
												} else {
													 *((intOrPtr*)(L0040EC70(_t580))) = 0x16;
													E00411A50(_t565, _t580, _t672, _t673, L"((state == ST_NORMAL) || (state == ST_TYPE))", L"_woutput_s_l", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c", 0x8f5, 0);
													 *(_t674 - 0x4d0) = 0xffffffff;
													E0040D380(_t674 - 0x40);
													_t502 =  *(_t674 - 0x4d0);
												}
												goto L225;
											}
											L216:
											__eflags =  *(_t674 - 0x45c) - 7;
											if( *(_t674 - 0x45c) == 7) {
												goto L218;
											}
											L217:
											 *(_t674 - 0x4f8) = 0;
											goto L219;
										}
									}
									L184:
									__eflags =  *(_t674 - 0x24);
									if( *(_t674 - 0x24) == 0) {
										L186:
										 *((intOrPtr*)(_t674 - 4)) =  *((intOrPtr*)(_t674 - 4)) - 1;
										 *((char*)( *((intOrPtr*)(_t674 - 4)))) = 0x30;
										_t613 =  *(_t674 - 0x24) + 1;
										__eflags = _t613;
										 *(_t674 - 0x24) = _t613;
										goto L187;
									}
									L185:
									__eflags =  *((char*)( *((intOrPtr*)(_t674 - 4)))) - 0x30;
									if( *((char*)( *((intOrPtr*)(_t674 - 4)))) == 0x30) {
										goto L187;
									}
									goto L186;
								}
								L180:
								asm("cdq");
								_t632 =  *(_t674 - 0x4a8);
								 *(_t674 - 0x494) = E0041CE40(_t632,  *(_t674 - 0x4a4),  *(_t674 - 8), _t631) + 0x30;
								asm("cdq");
								 *(_t674 - 0x4a8) = E0041CDD0( *(_t674 - 0x4a8),  *(_t674 - 0x4a4),  *(_t674 - 8), _t632);
								 *(_t674 - 0x4a4) = _t632;
								__eflags =  *(_t674 - 0x494) - 0x39;
								if( *(_t674 - 0x494) > 0x39) {
									_t636 =  *(_t674 - 0x494) +  *((intOrPtr*)(_t674 - 0x460));
									__eflags = _t636;
									 *(_t674 - 0x494) = _t636;
								}
								 *((char*)( *((intOrPtr*)(_t674 - 4)))) =  *(_t674 - 0x494);
								 *((intOrPtr*)(_t674 - 4)) =  *((intOrPtr*)(_t674 - 4)) - 1;
								L178:
								_t631 =  *(_t674 - 0x30) - 1;
								 *(_t674 - 0x30) =  *(_t674 - 0x30) - 1;
								__eflags =  *(_t674 - 0x30);
								if( *(_t674 - 0x30) > 0) {
									goto L180;
								}
								goto L179;
							}
						}
						L165:
						__eflags =  *(_t674 - 0x4a0);
						if( *(_t674 - 0x4a0) >= 0) {
							goto L167;
						}
						goto L166;
						L167:
						 *(_t674 - 0x4a8) =  *(_t674 - 0x4a0);
						 *(_t674 - 0x4a4) =  *(_t674 - 0x49c);
						goto L168;
					}
				}
			}

0x00423904
0x00423904
0x00423904
0x00423904
0x00423904
0x00423904
0x00423904
0x00423914
0x00423916
0x00423919
0x00423919
0x0042391f
0x0042391f
0x00423922
0x00423922
0x00423925
0x0042392a
0x0042394c
0x0042394c
0x00423952
0x00423974
0x00423977
0x004239be
0x004239be
0x004239c1
0x004239e2
0x004239e7
0x004239ea
0x004239ec
0x004239f2
0x004239c3
0x004239c7
0x004239cc
0x004239cf
0x004239d0
0x004239d6
0x004239d6
0x00423979
0x0042397c
0x0042397c
0x0042397f
0x004239a1
0x004239a6
0x004239ac
0x004239ad
0x004239b3
0x00423981
0x00423985
0x0042398a
0x0042398e
0x0042398f
0x00423995
0x00423995
0x004239b9
0x00423954
0x00423958
0x0042395d
0x00423960
0x00423966
0x00423966
0x0042392c
0x00423930
0x00423935
0x00423938
0x0042393e
0x0042393e
0x004239fb
0x004239fe
0x00000000
0x00000000
0x00423a00
0x00423a00
0x00423a07
0x00000000
0x00000000
0x00423a09
0x00423a09
0x00423a14
0x00423a22
0x00423a27
0x00423a2d
0x00423a3b
0x00423a58
0x00423a5b
0x00423a60
0x00423a65
0x00423a6b
0x00423a79
0x00423a79
0x00423a82
0x00423a82
0x00423a6b
0x00423a88
0x00423a8c
0x00423a9d
0x00423aa0
0x00423aa7
0x00423aa9
0x00423aa9
0x00423a8e
0x00423a8e
0x00423a8e
0x00423ab6
0x00423abc
0x00423abe
0x00423abe
0x00423acb
0x00423ace
0x00423ace
0x00423ad4
0x00423ad7
0x00423ada
0x00423adc
0x00000000
0x00000000
0x00423ade
0x00423ae4
0x00423aea
0x00423b67
0x00423b70
0x00423b79
0x00423b7f
0x00423b85
0x00423bb0
0x00423bb0
0x00423bb0
0x00423bb4
0x00000000
0x00000000
0x00423bba
0x00423bbd
0x00423bc0
0x00423bc5
0x00423bca
0x00423be1
0x00423be4
0x00423bfb
0x00423bfe
0x00423c05
0x00423c09
0x00423c09
0x00423be6
0x00423beb
0x00423bef
0x00423bef
0x00423bcc
0x00423bd1
0x00423bd5
0x00423bd5
0x00423bca
0x00423c19
0x00423c22
0x00423c25
0x00423c3b
0x00423c40
0x00423c40
0x00423c56
0x00423c5b
0x00423c61
0x00423c64
0x00423c69
0x00423c6c
0x00423c82
0x00423c87
0x00423c87
0x00423c6c
0x00423c8a
0x00423c8e
0x00423d48
0x00423d5b
0x00423d60
0x00000000
0x00423c94
0x00423c94
0x00423c94
0x00423c98
0x00000000
0x00000000
0x00423c9e
0x00423ca1
0x00423caa
0x00423cb0
0x00423cb0
0x00423cbf
0x00423cc5
0x00423cc7
0x00000000
0x00000000
0x00423cc9
0x00423ccc
0x00423cf1
0x00423cf6
0x00423cf9
0x00423cff
0x00423d06
0x00423d14
0x00423d27
0x00423d2c
0x00423d3b
0x00000000
0x00423d3b
0x00423d08
0x00423d08
0x00000000
0x00423d08
0x00423d46
0x00423d63
0x00423d63
0x00423d6a
0x00423d6f
0x00423d72
0x00423d88
0x00423d8d
0x00423d8d
0x00423d72
0x00423d6a
0x00423d90
0x00423d90
0x00423d94
0x00423d9c
0x00423da1
0x00423da4
0x00423da4
0x00423dab
0x00423dab
0x00422f2b
0x00422f32
0x00422f3f
0x00422f44
0x00000000
0x00422f57
0x00422f61
0x00422f88
0x00422f6f
0x00422f80
0x00422f80
0x00422f61
0x00422f92
0x00422f98
0x00422fa4
0x00422fa7
0x00422fb5
0x00422fb8
0x00422fc5
0x0042306a
0x00423070
0x00423076
0x0042307d
0x00000000
0x00000000
0x00423083
0x00423089
0x00000000
0x00423090
0x00423090
0x004230aa
0x004230af
0x00000000
0x00000000
0x004230b7
0x004230b7
0x004230be
0x004230c1
0x004230c4
0x004230c7
0x004230ca
0x004230cd
0x004230d0
0x004230d7
0x004230de
0x00000000
0x00000000
0x004230ea
0x004230ea
0x004230f1
0x004230fd
0x00423100
0x00423106
0x0042310d
0x00000000
0x00000000
0x0042310f
0x00423115
0x00423115
0x0042311c
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00423160
0x00423160
0x00423167
0x0042316a
0x00423194
0x00423197
0x00423197
0x004231a1
0x004231a1
0x004231a5
0x0042316c
0x0042316c
0x00423178
0x0042317b
0x0042317f
0x00423181
0x00423184
0x00423184
0x00423187
0x0042318a
0x0042318d
0x0042318f
0x0042318f
0x00423192
0x004231a8
0x00000000
0x00000000
0x004231ad
0x004231ad
0x00000000
0x00000000
0x004231b9
0x004231b9
0x004231c0
0x004231c3
0x004231e3
0x004231e6
0x004231e6
0x004231f0
0x004231f0
0x004231f4
0x004231c5
0x004231c5
0x004231d1
0x004231d4
0x004231d8
0x004231da
0x004231da
0x004231e1
0x00000000
0x00000000
0x004231fc
0x004231fc
0x00423203
0x0042320f
0x00423212
0x00423218
0x0042321f
0x00423332
0x00000000
0x00423332
0x00423225
0x0042322b
0x0042322b
0x00423232
0x00000000
0x00423269
0x00423269
0x0042326c
0x0042326f
0x00423272
0x00423299
0x00423299
0x0042329c
0x0042329f
0x004232a2
0x004232c6
0x004232c6
0x004232c9
0x004232cc
0x004232cf
0x00423308
0x00423319
0x00000000
0x00423319
0x004232d1
0x004232d1
0x004232d4
0x004232d7
0x004232da
0x00000000
0x00000000
0x004232dc
0x004232dc
0x004232df
0x004232e2
0x004232e5
0x00000000
0x00000000
0x004232e7
0x004232e7
0x004232ea
0x004232ed
0x004232f0
0x00000000
0x00000000
0x004232f2
0x004232f2
0x004232f5
0x004232f8
0x004232fb
0x00000000
0x00000000
0x004232fd
0x004232fd
0x00423300
0x00423303
0x00423306
0x0042330a
0x00000000
0x0042330a
0x00000000
0x00423306
0x004232a4
0x004232a4
0x004232a7
0x004232ab
0x004232ae
0x00000000
0x004232b0
0x004232b3
0x004232b6
0x004232bc
0x004232c1
0x00000000
0x004232c1
0x004232ae
0x00423274
0x00423274
0x00423277
0x0042327b
0x0042327e
0x00000000
0x00423280
0x00423283
0x00423286
0x0042328c
0x00423291
0x00000000
0x00423291
0x00000000
0x0042331b
0x0042331b
0x0042331e
0x00423321
0x00000000
0x00000000
0x00423239
0x00423239
0x0042323c
0x0042323f
0x00423242
0x0042325b
0x0042325e
0x0042325e
0x00423261
0x00423244
0x00423244
0x00423247
0x0042324a
0x00423250
0x00423256
0x00423256
0x00000000
0x00000000
0x00423326
0x00423326
0x00423329
0x00423329
0x0042332f
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00423337
0x00423337
0x0042333e
0x00423344
0x0042334a
0x0042334d
0x00423353
0x0042335a
0x00423bb0
0x00423bb0
0x00423bb0
0x00423bb4
0x00000000
0x00000000
0x00000000
0x00423bb4
0x00423bb0
0x00423360
0x00423366
0x00423366
0x0042336d
0x00000000
0x004236f1
0x004236f1
0x004236ff
0x004236ff
0x00423702
0x00000000
0x00000000
0x00423374
0x00423377
0x00423377
0x0042337d
0x0042337f
0x00423382
0x00423382
0x00423385
0x00423385
0x00000000
0x00000000
0x004234ba
0x004234bd
0x004234bd
0x004234c2
0x004234c4
0x004234c7
0x004234c7
0x004234ca
0x004234ca
0x00000000
0x00000000
0x004238bd
0x004238bd
0x00000000
0x00000000
0x00423424
0x00423424
0x00423430
0x00423436
0x0042343d
0x0042344b
0x0042344b
0x00423451
0x00423454
0x00423460
0x004234b5
0x00000000
0x004234b5
0x0042343f
0x0042343f
0x00423445
0x00423449
0x00423468
0x00423468
0x0042346e
0x00423496
0x0042349d
0x004234a3
0x004234a6
0x004234a9
0x004234af
0x004234b2
0x00423470
0x00423470
0x00423476
0x00423479
0x0042347c
0x00423482
0x00423485
0x00423488
0x0042348a
0x0042348d
0x0042348d
0x00000000
0x0042346e
0x00000000
0x00000000
0x00423709
0x0042370c
0x0042370f
0x00423712
0x00423718
0x0042371b
0x00423722
0x00423726
0x00423731
0x00423731
0x00423735
0x0042374c
0x0042374c
0x00423753
0x00423755
0x00423755
0x0042375c
0x0042375c
0x00423763
0x00423771
0x00423774
0x00423783
0x00423786
0x0042378a
0x0042379f
0x0042378c
0x0042378c
0x0042378f
0x00423795
0x0042379a
0x0042379a
0x0042378a
0x004237a9
0x004237ac
0x004237af
0x004237b2
0x004237b5
0x004237b8
0x004237be
0x004237c4
0x004237cc
0x004237cd
0x004237d0
0x004237d1
0x004237d4
0x004237d5
0x004237dc
0x004237dd
0x004237e0
0x004237e1
0x004237e4
0x004237e5
0x004237eb
0x004237ec
0x004237fb
0x004237fd
0x00423803
0x00423803
0x00423808
0x0042380a
0x0042380e
0x00423810
0x00423818
0x00423819
0x0042381c
0x0042381d
0x0042382c
0x0042382e
0x0042382e
0x0042380e
0x00423831
0x00423838
0x0042383b
0x00423840
0x00423840
0x00423846
0x00423848
0x00423850
0x00423851
0x00423854
0x00423855
0x00423863
0x00423865
0x00423865
0x00423846
0x00423868
0x0042386b
0x0042386e
0x00423871
0x00423876
0x0042387b
0x0042387e
0x00423881
0x00423881
0x00423884
0x00423884
0x00423887
0x00423893
0x00423bb0
0x00423bb0
0x00423bb0
0x00423bb4
0x00000000
0x00000000
0x00000000
0x00423bb4
0x00000000
0x00423bb0
0x00423737
0x00423737
0x0042373e
0x00423741
0x00000000
0x00000000
0x00423743
0x00423743
0x00000000
0x00423743
0x00423728
0x00423728
0x00000000
0x00000000
0x00423388
0x00423388
0x00423393
0x0042339b
0x004233a2
0x004233a5
0x004233a5
0x004233a8
0x00423408
0x004233aa
0x004233b1
0x004233b7
0x004233bd
0x004233c4
0x004233c7
0x004233cd
0x004233d5
0x004233d7
0x004233de
0x004233e5
0x004233ec
0x004233f4
0x004233f6
0x004233f8
0x004233f8
0x004233ff
0x0042340f
0x00423415
0x00423418
0x00423bb0
0x00423bb0
0x00423bb0
0x00423bb4
0x00000000
0x00000000
0x00000000
0x00423bb4
0x00000000
0x0042389b
0x0042389e
0x004238a1
0x004238a4
0x00423922
0x00423925
0x0042392a
0x0042394c
0x0042394c
0x00423952
0x00423974
0x00423977
0x004239be
0x004239be
0x004239c1
0x004239e2
0x004239e7
0x004239ea
0x004239ec
0x004239f2
0x004239c3
0x004239c7
0x004239cc
0x004239cf
0x004239d0
0x004239d6
0x004239d6
0x00423979
0x0042397c
0x0042397c
0x0042397f
0x004239a1
0x004239a6
0x004239ac
0x004239ad
0x004239b3
0x00423981
0x00423985
0x0042398a
0x0042398e
0x0042398f
0x00423995
0x00423995
0x004239b9
0x00423954
0x00423958
0x0042395d
0x00423960
0x00423966
0x00423966
0x0042392c
0x00423930
0x00423935
0x00423938
0x0042393e
0x0042393e
0x004239fb
0x004239fe
0x00000000
0x00000000
0x00000000
0x004235fa
0x004235fa
0x00423606
0x0042360c
0x00423611
0x00423613
0x004236bd
0x004236bd
0x004236c0
0x004236c0
0x004236c3
0x004236d7
0x004236dd
0x004236e3
0x004236c5
0x004236c5
0x004236cb
0x004236d2
0x004236d2
0x004236e5
0x00423bb0
0x00423bb0
0x00423bb0
0x00423bb4
0x00000000
0x00000000
0x00000000
0x00423bb4
0x00423bb0
0x00423619
0x00423619
0x00423619
0x0042361b
0x00423629
0x0042361d
0x0042361d
0x0042361d
0x00423633
0x00423639
0x0042363f
0x00423646
0x00423648
0x0042364d
0x0042364f
0x00423654
0x00423659
0x0042365b
0x00423660
0x00423663
0x00423666
0x00423668
0x00423668
0x00423666
0x00423669
0x00423670
0x004236b8
0x00423bb0
0x00423bb0
0x00423bb0
0x00423bb4
0x00000000
0x00000000
0x00000000
0x00423bb4
0x00423672
0x00423672
0x00423677
0x00423693
0x0042369b
0x004236a5
0x004236a8
0x004236ad
0x00000000
0x004236ad
0x00000000
0x00000000
0x00000000
0x004238b6
0x004238b6
0x00000000
0x00000000
0x004234cd
0x004234cd
0x004234d1
0x004234df
0x004234e2
0x004234d3
0x004234d3
0x004234d3
0x004234e8
0x004234ee
0x004234f4
0x00423500
0x00423506
0x00423506
0x00423509
0x00423591
0x00423591
0x00423595
0x00423597
0x0042359d
0x0042359d
0x004235a0
0x004235a7
0x004235aa
0x004235b0
0x004235b0
0x004235b0
0x004235b6
0x004235bc
0x004235bf
0x004235c5
0x004235c7
0x00000000
0x00000000
0x004235c9
0x004235c9
0x004235cf
0x004235d2
0x004235d4
0x00000000
0x00000000
0x004235d6
0x004235dc
0x004235df
0x004235df
0x004235e7
0x004235e7
0x004235ed
0x004235ed
0x004235f2
0x00000000
0x0042350f
0x0042350f
0x0042350f
0x00423513
0x00423515
0x0042351a
0x0042351a
0x0042351d
0x00423520
0x00423526
0x00423538
0x00423538
0x00423538
0x0042353b
0x00423541
0x00000000
0x00000000
0x00423543
0x00423543
0x00423549
0x0042354c
0x0042354e
0x00000000
0x00000000
0x00423550
0x00423550
0x00423559
0x0042355f
0x00423563
0x0042356b
0x0042356d
0x0042356f
0x00423575
0x00423575
0x00423578
0x00423578
0x00423584
0x00423587
0x0042352f
0x00423532
0x00423532
0x00423535
0x00423535
0x0042358f
0x004235f5
0x00423bb0
0x00423bb0
0x00423bb0
0x00423bb4
0x00000000
0x00000000
0x00000000
0x00423bb4
0x00423bb0
0x00000000
0x004238ad
0x004238ad
0x00423922
0x00423922
0x00423925
0x0042392a
0x0042394c
0x0042394c
0x00423952
0x00423974
0x00423977
0x004239be
0x004239be
0x004239c1
0x004239e2
0x004239e7
0x004239ea
0x004239ec
0x004239f2
0x004239c3
0x004239c7
0x004239cc
0x004239cf
0x004239d0
0x004239d6
0x004239d6
0x00423979
0x0042397c
0x0042397c
0x0042397f
0x004239a1
0x004239a6
0x004239ac
0x004239ad
0x004239b3
0x00423981
0x00423985
0x0042398a
0x0042398e
0x0042398f
0x00423995
0x00423995
0x004239b9
0x00423954
0x00423958
0x0042395d
0x00423960
0x00423966
0x00423966
0x0042392c
0x00423930
0x00423935
0x00423938
0x0042393e
0x0042393e
0x004239fb
0x004239fe
0x00000000
0x00000000
0x00000000
0x004239fe
0x00000000
0x004238c9
0x004238c9
0x004238d3
0x004238d3
0x004238dd
0x004238dd
0x004238e3
0x004238e5
0x004238ea
0x004238f4
0x004238f4
0x004238f7
0x004238fb
0x004238fb
0x00423922
0x00423922
0x00423925
0x0042392a
0x0042394c
0x0042394c
0x00423952
0x00423974
0x00423977
0x004239be
0x004239be
0x004239c1
0x004239e2
0x004239e7
0x004239ea
0x004239ec
0x004239f2
0x004239c3
0x004239c7
0x004239cc
0x004239cf
0x004239d0
0x004239d6
0x004239d6
0x00423979
0x0042397c
0x0042397c
0x0042397f
0x004239a1
0x004239a6
0x004239ac
0x004239ad
0x004239b3
0x00423981
0x00423985
0x0042398a
0x0042398e
0x0042398f
0x00423995
0x00423995
0x004239b9
0x00423954
0x00423958
0x0042395d
0x00423960
0x00423966
0x00423966
0x0042392c
0x00423930
0x00423935
0x00423938
0x0042393e
0x0042393e
0x004239fb
0x004239fe
0x00000000
0x00000000
0x00000000
0x004239fe
0x00000000
0x00423bb0
0x00423bb0
0x00423bb0
0x00423bb4
0x00000000
0x00000000
0x00000000
0x00423bb4
0x00000000
0x00000000
0x00423139
0x00423139
0x0042313c
0x0042313f
0x00000000
0x00000000
0x00423144
0x00423147
0x0042314d
0x00000000
0x00000000
0x0042312e
0x00423131
0x00423134
0x00000000
0x00000000
0x00423123
0x00423126
0x00423129
0x00000000
0x00000000
0x00423152
0x00423152
0x00423155
0x00423155
0x00423158
0x00000000
0x00000000
0x0042315b
0x00000000
0x00000000
0x00422fcb
0x00422fcb
0x00422fcd
0x00422fdb
0x00422fcf
0x00422fcf
0x00422fcf
0x00422feb
0x00422ff8
0x00422ffa
0x00422fff
0x00423001
0x00423006
0x0042300b
0x0042300d
0x00423012
0x00423018
0x0042301a
0x0042301a
0x00423018
0x0042301b
0x00423022
0x00000000
0x00423024
0x00423029
0x00423045
0x0042304d
0x0042305a
0x0042305f
0x00423e74
0x00423e81
0x00423e81
0x00423022
0x00422fc5
0x00423db0
0x00423db0
0x00423db7
0x00423dce
0x00423dce
0x00423dd8
0x00423dd8
0x00423dde
0x00423de4
0x00423deb
0x00423ded
0x00423df2
0x00423df4
0x00423df9
0x00423dfe
0x00423e00
0x00423e05
0x00423e08
0x00423e0b
0x00423e0d
0x00423e0d
0x00423e0b
0x00423e0e
0x00423e15
0x00423e60
0x00423e69
0x00423e6e
0x00423e17
0x00423e1c
0x00423e38
0x00423e40
0x00423e4d
0x00423e52
0x00423e52
0x00000000
0x00423e15
0x00423db9
0x00423db9
0x00423dc0
0x00000000
0x00000000
0x00423dc2
0x00423dc2
0x00000000
0x00423dc2
0x00423bb0
0x00423b87
0x00423b87
0x00423b8b
0x00423b98
0x00423b9e
0x00423ba4
0x00423baa
0x00423baa
0x00423bad
0x00000000
0x00423bad
0x00423b8d
0x00423b93
0x00423b96
0x00000000
0x00000000
0x00000000
0x00423b96
0x00423aec
0x00423aef
0x00423af9
0x00423b08
0x00423b11
0x00423b27
0x00423b2d
0x00423b33
0x00423b3a
0x00423b42
0x00423b42
0x00423b48
0x00423b48
0x00423b57
0x00423b5f
0x00423ace
0x00423ad4
0x00423ad7
0x00423ada
0x00423adc
0x00000000
0x00000000
0x00000000
0x00423adc
0x00423ace
0x00423a0b
0x00423a0b
0x00423a12
0x00000000
0x00000000
0x00000000
0x00423a40
0x00423a46
0x00423a52
0x00000000
0x00423a52
0x00423922

APIs

_get_int64_arg.LIBCMTD ref: 00423930
__aullrem.LIBCMT ref: 00423B00
__aulldiv.LIBCMT ref: 00423B22

Strings

9, xrefs: 00423B33

Memory Dump Source

Source File: 00000000.00000002.254379313.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.254298173.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.254460883.0000000000427000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255654257.000000000060A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255687103.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255765961.0000000000635000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_mzQcZawXvh.jbxd

Similarity

API ID: __aulldiv__aullrem_get_int64_arg
String ID: 9
API String ID: 3120068967-2366072709
Opcode ID: e99518db696697a165a807a643a20938dd486c330cc2b7c9e6b38dba2698fba6
Instruction ID: c244d4ae382631c369100802b87defad44086c78db6ad9b6ff75e88f9e021b77
Opcode Fuzzy Hash: e99518db696697a165a807a643a20938dd486c330cc2b7c9e6b38dba2698fba6
Instruction Fuzzy Hash: 1E4126B1E001299FDB24CF48DC81BAEB7B5FF85315F4041AAE289A7241C7385E81CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0042200B Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 95
COMMON

Download Yara Rule

C-Code - Quality: 64%

			E0042200B(intOrPtr __ebx, signed int __edx, intOrPtr __edi, intOrPtr __esi) {
				signed int _t496;
				signed int _t518;
				void* _t523;
				signed int _t525;
				void* _t545;
				signed int _t563;
				signed int _t580;
				signed short _t581;
				signed int _t584;
				signed int _t587;
				signed int _t588;
				intOrPtr _t589;
				signed int _t609;
				signed int _t645;
				signed int _t647;
				signed int _t649;
				signed int _t656;
				signed int _t696;
				intOrPtr _t697;
				intOrPtr _t698;
				signed int _t699;
				void* _t701;
				void* _t702;
				signed int _t710;

				L0:
				while(1) {
					L0:
					_t698 = __esi;
					_t697 = __edi;
					_t645 = __edx;
					_t589 = __ebx;
					 *(_t699 - 8) = 0xa;
					L153:
					while(1) {
						L153:
						while(1) {
							L153:
							while(1) {
								L153:
								if(( *(_t699 - 0x10) & 0x00008000) == 0) {
									_t647 =  *(_t699 - 0x10) & 0x00001000;
									if(_t647 == 0) {
										if(( *(_t699 - 0x10) & 0x00000020) == 0) {
											_t649 =  *(_t699 - 0x10) & 0x00000040;
											if(_t649 == 0) {
												_t496 = E0041C290(_t699 + 0x14);
												_t702 = _t701 + 4;
												 *(_t699 - 0x2b8) = _t496;
												 *(_t699 - 0x2b4) = 0;
											} else {
												_t580 = E0041C290(_t699 + 0x14);
												_t702 = _t701 + 4;
												asm("cdq");
												 *(_t699 - 0x2b8) = _t580;
												 *(_t699 - 0x2b4) = _t649;
											}
										} else {
											_t696 =  *(_t699 - 0x10) & 0x00000040;
											if(_t696 == 0) {
												_t581 = E0041C290(_t699 + 0x14);
												_t702 = _t701 + 4;
												asm("cdq");
												 *(_t699 - 0x2b8) = _t581 & 0x0000ffff;
												 *(_t699 - 0x2b4) = _t696;
											} else {
												_t584 = E0041C290(_t699 + 0x14);
												_t702 = _t701 + 4;
												asm("cdq");
												 *(_t699 - 0x2b8) = _t584;
												 *(_t699 - 0x2b4) = _t696;
											}
										}
									} else {
										_t587 = E0041C2B0(_t699 + 0x14);
										_t702 = _t701 + 4;
										 *(_t699 - 0x2b8) = _t587;
										 *(_t699 - 0x2b4) = _t647;
									}
								} else {
									_t588 = E0041C2B0(_t699 + 0x14);
									_t702 = _t701 + 4;
									 *(_t699 - 0x2b8) = _t588;
									 *(_t699 - 0x2b4) = _t645;
								}
								if(( *(_t699 - 0x10) & 0x00000040) == 0) {
									L170:
									 *(_t699 - 0x2c0) =  *(_t699 - 0x2b8);
									 *(_t699 - 0x2bc) =  *(_t699 - 0x2b4);
									goto L171;
								} else {
									L166:
									_t710 =  *(_t699 - 0x2b4);
									if(_t710 > 0 || _t710 >= 0 &&  *(_t699 - 0x2b8) >= 0) {
										goto L170;
									} else {
										L169:
										asm("adc edx, 0x0");
										 *(_t699 - 0x2c0) =  ~( *(_t699 - 0x2b8));
										 *(_t699 - 0x2bc) =  ~( *(_t699 - 0x2b4));
										 *(_t699 - 0x10) =  *(_t699 - 0x10) | 0x00000100;
										L171:
										if(( *(_t699 - 0x10) & 0x00008000) == 0 && ( *(_t699 - 0x10) & 0x00001000) == 0) {
											 *(_t699 - 0x2bc) =  *(_t699 - 0x2bc) & 0x00000000;
										}
										if( *(_t699 - 0x30) >= 0) {
											 *(_t699 - 0x10) =  *(_t699 - 0x10) & 0xfffffff7;
											if( *(_t699 - 0x30) > 0x200) {
												 *(_t699 - 0x30) = 0x200;
											}
										} else {
											 *(_t699 - 0x30) = 1;
										}
										if(( *(_t699 - 0x2c0) |  *(_t699 - 0x2bc)) == 0) {
											 *(_t699 - 0x1c) = 0;
										}
										 *((intOrPtr*)(_t699 - 4)) = _t699 - 0x49;
										while(1) {
											L181:
											_t655 =  *(_t699 - 0x30) - 1;
											 *(_t699 - 0x30) =  *(_t699 - 0x30) - 1;
											if( *(_t699 - 0x30) <= 0 && ( *(_t699 - 0x2c0) |  *(_t699 - 0x2bc)) == 0) {
												break;
											}
											L183:
											asm("cdq");
											_t656 =  *(_t699 - 0x2c0);
											 *((intOrPtr*)(_t699 - 0x2ac)) = E0041CE40(_t656,  *(_t699 - 0x2bc),  *(_t699 - 8), _t655) + 0x30;
											asm("cdq");
											 *(_t699 - 0x2c0) = E0041CDD0( *(_t699 - 0x2c0),  *(_t699 - 0x2bc),  *(_t699 - 8), _t656);
											 *(_t699 - 0x2bc) = _t656;
											if( *((intOrPtr*)(_t699 - 0x2ac)) > 0x39) {
												 *((intOrPtr*)(_t699 - 0x2ac)) =  *((intOrPtr*)(_t699 - 0x2ac)) +  *((intOrPtr*)(_t699 - 0x260));
											}
											 *((char*)( *((intOrPtr*)(_t699 - 4)))) =  *((intOrPtr*)(_t699 - 0x2ac));
											 *((intOrPtr*)(_t699 - 4)) =  *((intOrPtr*)(_t699 - 4)) - 1;
										}
										L186:
										 *((intOrPtr*)(_t699 - 0x24)) = _t699 - 0x49 -  *((intOrPtr*)(_t699 - 4));
										 *((intOrPtr*)(_t699 - 4)) =  *((intOrPtr*)(_t699 - 4)) + 1;
										if(( *(_t699 - 0x10) & 0x00000200) != 0 && ( *((intOrPtr*)(_t699 - 0x24)) == 0 ||  *((char*)( *((intOrPtr*)(_t699 - 4)))) != 0x30)) {
											 *((intOrPtr*)(_t699 - 4)) =  *((intOrPtr*)(_t699 - 4)) - 1;
											 *((char*)( *((intOrPtr*)(_t699 - 4)))) = 0x30;
											 *((intOrPtr*)(_t699 - 0x24)) =  *((intOrPtr*)(_t699 - 0x24)) + 1;
										}
										L190:
										while(1) {
											L190:
											while(1) {
												L190:
												while(1) {
													L190:
													while(1) {
														L190:
														while(1) {
															L190:
															while(1) {
																L190:
																while(1) {
																	do {
																		L190:
																		if( *((intOrPtr*)(_t699 - 0x28)) != 0) {
																			L216:
																			if( *(_t699 - 0x20) != 0) {
																				L0040C240( *(_t699 - 0x20), 2);
																				_t702 = _t702 + 8;
																				 *(_t699 - 0x20) = 0;
																			}
																			while(1) {
																				L218:
																				 *(_t699 - 0x251) =  *( *(_t699 + 0xc));
																				_t663 =  *(_t699 - 0x251);
																				 *(_t699 + 0xc) =  *(_t699 + 0xc) + 1;
																				if( *(_t699 - 0x251) == 0 ||  *(_t699 - 0x24c) < 0) {
																					break;
																				} else {
																					if( *(_t699 - 0x251) < 0x20 ||  *(_t699 - 0x251) > 0x78) {
																						 *(_t699 - 0x310) = 0;
																					} else {
																						 *(_t699 - 0x310) =  *( *(_t699 - 0x251) + L"pecifier\", 0)") & 0xf;
																					}
																				}
																				L7:
																				 *(_t699 - 0x250) =  *(_t699 - 0x310);
																				_t525 =  *(_t699 - 0x250) * 9;
																				_t609 =  *(_t699 - 0x25c);
																				_t663 = ( *(_t525 + _t609 + 0x4083d0) & 0x000000ff) >> 4;
																				 *(_t699 - 0x25c) = ( *(_t525 + _t609 + 0x4083d0) & 0x000000ff) >> 4;
																				if( *(_t699 - 0x25c) != 8) {
																					L16:
																					 *(_t699 - 0x318) =  *(_t699 - 0x25c);
																					if( *(_t699 - 0x318) > 7) {
																						continue;
																					}
																					L17:
																					switch( *((intOrPtr*)( *(_t699 - 0x318) * 4 +  &M004225E0))) {
																						case 0:
																							L18:
																							 *(_t699 - 0xc) = 0;
																							_t528 = E00419390( *(_t699 - 0x251) & 0x000000ff, E0040D3B0(_t699 - 0x40));
																							_t705 = _t702 + 8;
																							if(_t528 == 0) {
																								L24:
																								E004226F0( *(_t699 - 0x251) & 0x000000ff,  *(_t699 - 0x251) & 0x000000ff,  *((intOrPtr*)(_t699 + 8)), _t699 - 0x24c);
																								_t702 = _t705 + 0xc;
																								goto L218;
																							} else {
																								E004226F0( *((intOrPtr*)(_t699 + 8)),  *(_t699 - 0x251) & 0x000000ff,  *((intOrPtr*)(_t699 + 8)), _t699 - 0x24c);
																								_t705 = _t705 + 0xc;
																								_t614 =  *( *(_t699 + 0xc));
																								 *(_t699 - 0x251) =  *( *(_t699 + 0xc));
																								_t663 =  *(_t699 + 0xc) + 1;
																								 *(_t699 + 0xc) = _t663;
																								asm("sbb eax, eax");
																								 *(_t699 - 0x27c) =  ~( ~( *(_t699 - 0x251)));
																								if(_t663 == 0) {
																									_push(L"(ch != _T(\'\\0\'))");
																									_push(0);
																									_push(0x486);
																									_push(L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c");
																									_push(2);
																									_t540 = L0040E1A0();
																									_t705 = _t705 + 0x14;
																									if(_t540 == 1) {
																										asm("int3");
																									}
																								}
																								L22:
																								if( *(_t699 - 0x27c) != 0) {
																									goto L24;
																								} else {
																									 *((intOrPtr*)(L0040EC70(_t614))) = 0x16;
																									E00411A50(_t589, _t614, _t697, _t698, L"(ch != _T(\'\\0\'))", L"_output_s_l", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c", 0x486, 0);
																									 *(_t699 - 0x2f4) = 0xffffffff;
																									E0040D380(_t699 - 0x40);
																									_t518 =  *(_t699 - 0x2f4);
																									goto L229;
																								}
																							}
																						case 1:
																							L25:
																							 *(__ebp - 0x2c) = 0;
																							__edx =  *(__ebp - 0x2c);
																							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
																							__eax =  *(__ebp - 0x28);
																							 *(__ebp - 0x18) =  *(__ebp - 0x28);
																							__ecx =  *(__ebp - 0x18);
																							 *(__ebp - 0x1c) = __ecx;
																							 *(__ebp - 0x10) = 0;
																							 *(__ebp - 0x30) = 0xffffffff;
																							 *(__ebp - 0xc) = 0;
																							goto L218;
																						case 2:
																							L26:
																							__edx =  *((char*)(__ebp - 0x251));
																							 *(__ebp - 0x31c) =  *((char*)(__ebp - 0x251));
																							 *(__ebp - 0x31c) =  *(__ebp - 0x31c) - 0x20;
																							 *(__ebp - 0x31c) =  *(__ebp - 0x31c) - 0x20;
																							if( *(__ebp - 0x31c) > 0x10) {
																								goto L33;
																							}
																							L27:
																							__ecx =  *(__ebp - 0x31c);
																							_t72 = __ecx + 0x422618; // 0x498d04
																							__edx =  *_t72 & 0x000000ff;
																							switch( *((intOrPtr*)(( *_t72 & 0x000000ff) * 4 +  &M00422600))) {
																								case 0:
																									goto L30;
																								case 1:
																									goto L31;
																								case 2:
																									goto L29;
																								case 3:
																									goto L28;
																								case 4:
																									goto L32;
																								case 5:
																									goto L33;
																							}
																						case 3:
																							L34:
																							__edx =  *((char*)(__ebp - 0x251));
																							if( *((char*)(__ebp - 0x251)) != 0x2a) {
																								__eax =  *(__ebp - 0x18);
																								__eax =  *(__ebp - 0x18) * 0xa;
																								__ecx =  *((char*)(__ebp - 0x251));
																								_t96 = __ecx - 0x30; // -48
																								__edx = __eax + _t96;
																								 *(__ebp - 0x18) = __eax + _t96;
																							} else {
																								__eax = __ebp + 0x14;
																								 *(__ebp - 0x18) = E0041C290(__ebp + 0x14);
																								if( *(__ebp - 0x18) < 0) {
																									__ecx =  *(__ebp - 0x10);
																									__ecx =  *(__ebp - 0x10) | 0x00000004;
																									 *(__ebp - 0x10) = __ecx;
																									 *(__ebp - 0x18) =  ~( *(__ebp - 0x18));
																									 *(__ebp - 0x18) =  ~( *(__ebp - 0x18));
																								}
																							}
																							goto L218;
																						case 4:
																							L40:
																							 *(__ebp - 0x30) = 0;
																							goto L218;
																						case 5:
																							L41:
																							__eax =  *((char*)(__ebp - 0x251));
																							if( *((char*)(__ebp - 0x251)) != 0x2a) {
																								 *(__ebp - 0x30) =  *(__ebp - 0x30) * 0xa;
																								_t107 =  *((char*)(__ebp - 0x251)) - 0x30; // -48
																								__ecx =  *(__ebp - 0x30) * 0xa + _t107;
																								 *(__ebp - 0x30) = __ecx;
																							} else {
																								__ecx = __ebp + 0x14;
																								 *(__ebp - 0x30) = E0041C290(__ebp + 0x14);
																								if( *(__ebp - 0x30) < 0) {
																									 *(__ebp - 0x30) = 0xffffffff;
																								}
																							}
																							goto L218;
																						case 6:
																							L47:
																							__edx =  *((char*)(__ebp - 0x251));
																							 *(__ebp - 0x320) =  *((char*)(__ebp - 0x251));
																							 *(__ebp - 0x320) =  *(__ebp - 0x320) - 0x49;
																							 *(__ebp - 0x320) =  *(__ebp - 0x320) - 0x49;
																							if( *(__ebp - 0x320) > 0x2e) {
																								L70:
																								goto L218;
																							}
																							L48:
																							__ecx =  *(__ebp - 0x320);
																							_t115 = __ecx + 0x422640; // 0x1e4e9003
																							__edx =  *_t115 & 0x000000ff;
																							switch( *((intOrPtr*)(( *_t115 & 0x000000ff) * 4 +  &M0042262C))) {
																								case 0:
																									L53:
																									__edx =  *(__ebp + 0xc);
																									__eax =  *( *(__ebp + 0xc));
																									if( *( *(__ebp + 0xc)) != 0x36) {
																										L56:
																										__edx =  *(__ebp + 0xc);
																										__eax =  *( *(__ebp + 0xc));
																										if( *( *(__ebp + 0xc)) != 0x33) {
																											L59:
																											__edx =  *(__ebp + 0xc);
																											__eax =  *( *(__ebp + 0xc));
																											if( *( *(__ebp + 0xc)) == 0x64) {
																												L65:
																												L67:
																												goto L70;
																											}
																											L60:
																											__ecx =  *(__ebp + 0xc);
																											__edx =  *__ecx;
																											if( *__ecx == 0x69) {
																												goto L65;
																											}
																											L61:
																											__eax =  *(__ebp + 0xc);
																											__ecx =  *( *(__ebp + 0xc));
																											if(__ecx == 0x6f) {
																												goto L65;
																											}
																											L62:
																											__edx =  *(__ebp + 0xc);
																											__eax =  *( *(__ebp + 0xc));
																											if( *( *(__ebp + 0xc)) == 0x75) {
																												goto L65;
																											}
																											L63:
																											__ecx =  *(__ebp + 0xc);
																											__edx =  *__ecx;
																											if( *__ecx == 0x78) {
																												goto L65;
																											}
																											L64:
																											__eax =  *(__ebp + 0xc);
																											__ecx =  *( *(__ebp + 0xc));
																											if(__ecx != 0x58) {
																												L66:
																												 *(__ebp - 0x25c) = 0;
																												goto L18;
																											}
																											goto L65;
																										}
																										L57:
																										__ecx =  *(__ebp + 0xc);
																										__edx =  *((char*)(__ecx + 1));
																										if( *((char*)(__ecx + 1)) != 0x32) {
																											goto L59;
																										}
																										L58:
																										 *(__ebp + 0xc) =  *(__ebp + 0xc) + 2;
																										 *(__ebp + 0xc) =  *(__ebp + 0xc) + 2;
																										__ecx =  *(__ebp - 0x10);
																										__ecx =  *(__ebp - 0x10) & 0xffff7fff;
																										 *(__ebp - 0x10) = __ecx;
																										goto L67;
																									}
																									L54:
																									__ecx =  *(__ebp + 0xc);
																									__edx =  *((char*)(__ecx + 1));
																									if( *((char*)(__ecx + 1)) != 0x34) {
																										goto L56;
																									}
																									L55:
																									 *(__ebp + 0xc) =  *(__ebp + 0xc) + 2;
																									 *(__ebp + 0xc) =  *(__ebp + 0xc) + 2;
																									__ecx =  *(__ebp - 0x10);
																									__ecx =  *(__ebp - 0x10) | 0x00008000;
																									 *(__ebp - 0x10) = __ecx;
																									goto L67;
																								case 1:
																									L68:
																									 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000020;
																									 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000020;
																									goto L70;
																								case 2:
																									L49:
																									__eax =  *(__ebp + 0xc);
																									__ecx =  *( *(__ebp + 0xc));
																									if(__ecx != 0x6c) {
																										__ecx =  *(__ebp - 0x10);
																										__ecx =  *(__ebp - 0x10) | 0x00000010;
																										 *(__ebp - 0x10) = __ecx;
																									} else {
																										 *(__ebp + 0xc) =  *(__ebp + 0xc) + 1;
																										 *(__ebp + 0xc) =  *(__ebp + 0xc) + 1;
																										 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00001000;
																										 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00001000;
																									}
																									goto L70;
																								case 3:
																									L69:
																									 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000800;
																									 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000800;
																									goto L70;
																								case 4:
																									goto L70;
																							}
																						case 7:
																							goto L71;
																						case 8:
																							L30:
																							 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000002;
																							 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000002;
																							goto L33;
																						case 9:
																							L31:
																							 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000080;
																							 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000080;
																							goto L33;
																						case 0xa:
																							L29:
																							__ecx =  *(__ebp - 0x10);
																							__ecx =  *(__ebp - 0x10) | 0x00000001;
																							 *(__ebp - 0x10) = __ecx;
																							goto L33;
																						case 0xb:
																							L28:
																							 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000004;
																							 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000004;
																							goto L33;
																						case 0xc:
																							L32:
																							__ecx =  *(__ebp - 0x10);
																							__ecx =  *(__ebp - 0x10) | 0x00000008;
																							 *(__ebp - 0x10) = __ecx;
																							goto L33;
																						case 0xd:
																							L33:
																							goto L218;
																					}
																				} else {
																					if(0 == 0) {
																						 *(_t699 - 0x314) = 0;
																					} else {
																						 *(_t699 - 0x314) = 1;
																					}
																					_t616 =  *(_t699 - 0x314);
																					 *(_t699 - 0x278) =  *(_t699 - 0x314);
																					if( *(_t699 - 0x278) == 0) {
																						_push(L"(\"Incorrect format specifier\", 0)");
																						_push(0);
																						_push(0x460);
																						_push(L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c");
																						_push(2);
																						_t545 = L0040E1A0();
																						_t702 = _t702 + 0x14;
																						if(_t545 == 1) {
																							asm("int3");
																						}
																					}
																					L14:
																					if( *(_t699 - 0x278) != 0) {
																						goto L16;
																					} else {
																						 *((intOrPtr*)(L0040EC70(_t616))) = 0x16;
																						E00411A50(_t589, _t616, _t697, _t698, L"(\"Incorrect format specifier\", 0)", L"_output_s_l", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c", 0x460, 0);
																						 *(_t699 - 0x2f0) = 0xffffffff;
																						E0040D380(_t699 - 0x40);
																						_t518 =  *(_t699 - 0x2f0);
																						L229:
																						return E00416CA0(_t518, _t589,  *(_t699 - 0x48) ^ _t699, _t663, _t697, _t698);
																					}
																				}
																			}
																			L219:
																			if( *(_t699 - 0x25c) == 0 ||  *(_t699 - 0x25c) == 7) {
																				 *(_t699 - 0x334) = 1;
																			} else {
																				 *(_t699 - 0x334) = 0;
																			}
																			_t603 =  *(_t699 - 0x334);
																			 *(_t699 - 0x2e0) =  *(_t699 - 0x334);
																			if( *(_t699 - 0x2e0) == 0) {
																				_push(L"((state == ST_NORMAL) || (state == ST_TYPE))");
																				_push(0);
																				_push(0x8f5);
																				_push(L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c");
																				_push(2);
																				_t523 = L0040E1A0();
																				_t702 = _t702 + 0x14;
																				if(_t523 == 1) {
																					asm("int3");
																				}
																			}
																			if( *(_t699 - 0x2e0) != 0) {
																				 *(_t699 - 0x300) =  *(_t699 - 0x24c);
																				E0040D380(_t699 - 0x40);
																				_t518 =  *(_t699 - 0x300);
																			} else {
																				 *((intOrPtr*)(L0040EC70(_t603))) = 0x16;
																				E00411A50(_t589, _t603, _t697, _t698, L"((state == ST_NORMAL) || (state == ST_TYPE))", L"_output_s_l", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c", 0x8f5, 0);
																				 *(_t699 - 0x2fc) = 0xffffffff;
																				E0040D380(_t699 - 0x40);
																				_t518 =  *(_t699 - 0x2fc);
																			}
																			goto L229;
																		}
																		L191:
																		if(( *(_t699 - 0x10) & 0x00000040) != 0) {
																			if(( *(_t699 - 0x10) & 0x00000100) == 0) {
																				if(( *(_t699 - 0x10) & 0x00000001) == 0) {
																					if(( *(_t699 - 0x10) & 0x00000002) != 0) {
																						 *((char*)(_t699 - 0x14)) = 0x20;
																						 *(_t699 - 0x1c) = 1;
																					}
																				} else {
																					 *((char*)(_t699 - 0x14)) = 0x2b;
																					 *(_t699 - 0x1c) = 1;
																				}
																			} else {
																				 *((char*)(_t699 - 0x14)) = 0x2d;
																				 *(_t699 - 0x1c) = 1;
																			}
																		}
																		 *((intOrPtr*)(_t699 - 0x2c4)) =  *((intOrPtr*)(_t699 - 0x18)) -  *((intOrPtr*)(_t699 - 0x24)) -  *(_t699 - 0x1c);
																		if(( *(_t699 - 0x10) & 0x0000000c) == 0) {
																			E00422790(0x20,  *((intOrPtr*)(_t699 - 0x2c4)),  *((intOrPtr*)(_t699 + 8)), _t699 - 0x24c);
																			_t702 = _t702 + 0x10;
																		}
																		E004227D0( *(_t699 - 0x1c), _t699 - 0x14,  *(_t699 - 0x1c),  *((intOrPtr*)(_t699 + 8)), _t699 - 0x24c);
																		_t702 = _t702 + 0x10;
																		if(( *(_t699 - 0x10) & 0x00000008) != 0 && ( *(_t699 - 0x10) & 0x00000004) == 0) {
																			E00422790(0x30,  *((intOrPtr*)(_t699 - 0x2c4)),  *((intOrPtr*)(_t699 + 8)), _t699 - 0x24c);
																			_t702 = _t702 + 0x10;
																		}
																		if( *(_t699 - 0xc) == 0 ||  *((intOrPtr*)(_t699 - 0x24)) <= 0) {
																			L212:
																			E004227D0( *((intOrPtr*)(_t699 - 4)),  *((intOrPtr*)(_t699 - 4)),  *((intOrPtr*)(_t699 - 0x24)),  *((intOrPtr*)(_t699 + 8)), _t699 - 0x24c);
																			_t702 = _t702 + 0x10;
																			goto L213;
																		} else {
																			L205:
																			 *(_t699 - 0x2dc) = 0;
																			 *((intOrPtr*)(_t699 - 0x2c8)) =  *((intOrPtr*)(_t699 - 4));
																			 *((intOrPtr*)(_t699 - 0x2cc)) =  *((intOrPtr*)(_t699 - 0x24));
																			while(1) {
																				L206:
																				 *((intOrPtr*)(_t699 - 0x2cc)) =  *((intOrPtr*)(_t699 - 0x2cc)) - 1;
																				if( *((intOrPtr*)(_t699 - 0x2cc)) == 0) {
																					break;
																				}
																				L207:
																				 *(_t699 - 0x32e) =  *((intOrPtr*)( *((intOrPtr*)(_t699 - 0x2c8))));
																				_t563 = E004212A0(_t699 - 0x2d0, _t699 - 0x2d8, 6,  *(_t699 - 0x32e) & 0x0000ffff);
																				_t702 = _t702 + 0x10;
																				 *(_t699 - 0x2dc) = _t563;
																				 *((intOrPtr*)(_t699 - 0x2c8)) =  *((intOrPtr*)(_t699 - 0x2c8)) + 2;
																				if( *(_t699 - 0x2dc) != 0 ||  *((intOrPtr*)(_t699 - 0x2d0)) == 0) {
																					L209:
																					 *(_t699 - 0x24c) = 0xffffffff;
																					break;
																				} else {
																					L210:
																					E004227D0( *((intOrPtr*)(_t699 + 8)), _t699 - 0x2d8,  *((intOrPtr*)(_t699 - 0x2d0)),  *((intOrPtr*)(_t699 + 8)), _t699 - 0x24c);
																					_t702 = _t702 + 0x10;
																					continue;
																				}
																			}
																			L211:
																			L213:
																			if( *(_t699 - 0x24c) >= 0 && ( *(_t699 - 0x10) & 0x00000004) != 0) {
																				E00422790(0x20,  *((intOrPtr*)(_t699 - 0x2c4)),  *((intOrPtr*)(_t699 + 8)), _t699 - 0x24c);
																				_t702 = _t702 + 0x10;
																			}
																			goto L216;
																		}
																		L71:
																		__ecx =  *((char*)(__ebp - 0x251));
																		 *(__ebp - 0x324) = __ecx;
																		__edx =  *(__ebp - 0x324);
																		__edx =  *(__ebp - 0x324) - 0x41;
																		 *(__ebp - 0x324) = __edx;
																	} while ( *(__ebp - 0x324) > 0x37);
																	_t156 =  *(__ebp - 0x324) + 0x4226ac; // 0xcccccc0d
																	__ecx =  *_t156 & 0x000000ff;
																	switch( *((intOrPtr*)(__ecx * 4 +  &M00422670))) {
																		case 0:
																			L123:
																			 *(__ebp - 0x2c) = 1;
																			__ecx =  *((char*)(__ebp - 0x251));
																			__ecx =  *((char*)(__ebp - 0x251)) + 0x20;
																			 *((char*)(__ebp - 0x251)) = __cl;
																			goto L124;
																		case 1:
																			L73:
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000830;
																			if(( *(__ebp - 0x10) & 0x00000830) == 0) {
																				 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000800;
																				 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000800;
																			}
																			goto L75;
																		case 2:
																			L88:
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000830;
																			if(( *(__ebp - 0x10) & 0x00000830) == 0) {
																				 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000800;
																				 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000800;
																			}
																			goto L90;
																		case 3:
																			L146:
																			 *((intOrPtr*)(__ebp - 0x260)) = 7;
																			goto L148;
																		case 4:
																			L81:
																			__eax = __ebp + 0x14;
																			 *(__ebp - 0x288) = E0041C290(__ebp + 0x14);
																			if( *(__ebp - 0x288) == 0) {
																				L83:
																				__edx =  *0x60b4f0; // 0x407424
																				 *(__ebp - 4) = __edx;
																				__eax =  *(__ebp - 4);
																				 *(__ebp - 0x24) = E0040DC40( *(__ebp - 4));
																				L87:
																				goto L190;
																			}
																			L82:
																			__ecx =  *(__ebp - 0x288);
																			if( *((intOrPtr*)( *(__ebp - 0x288) + 4)) != 0) {
																				L84:
																				 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000800;
																				if(( *(__ebp - 0x10) & 0x00000800) == 0) {
																					 *(__ebp - 0xc) = 0;
																					__edx =  *(__ebp - 0x288);
																					__eax =  *(__edx + 4);
																					 *(__ebp - 4) =  *(__edx + 4);
																					__ecx =  *(__ebp - 0x288);
																					__edx =  *__ecx;
																					 *(__ebp - 0x24) =  *__ecx;
																				} else {
																					__edx =  *(__ebp - 0x288);
																					__eax =  *(__edx + 4);
																					 *(__ebp - 4) =  *(__edx + 4);
																					__ecx =  *(__ebp - 0x288);
																					__eax =  *__ecx;
																					asm("cdq");
																					 *__ecx - __edx =  *__ecx - __edx >> 1;
																					 *(__ebp - 0x24) =  *__ecx - __edx >> 1;
																					 *(__ebp - 0xc) = 1;
																				}
																				goto L87;
																			}
																			goto L83;
																		case 5:
																			L124:
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000040;
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000040;
																			__eax = __ebp - 0x248;
																			 *(__ebp - 4) = __ebp - 0x248;
																			 *(__ebp - 0x44) = 0x200;
																			if( *(__ebp - 0x30) >= 0) {
																				L126:
																				if( *(__ebp - 0x30) != 0) {
																					L129:
																					if( *(__ebp - 0x30) > 0x200) {
																						 *(__ebp - 0x30) = 0x200;
																					}
																					L131:
																					if( *(__ebp - 0x30) > 0xa3) {
																						 *(__ebp - 0x30) =  *(__ebp - 0x30) + 0x15d;
																						 *(__ebp - 0x20) = L0040B5C0(__ecx,  *(__ebp - 0x30) + 0x15d, 2, "f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c", 0x6da);
																						if( *(__ebp - 0x20) == 0) {
																							 *(__ebp - 0x30) = 0xa3;
																						} else {
																							__eax =  *(__ebp - 0x20);
																							 *(__ebp - 4) =  *(__ebp - 0x20);
																							 *(__ebp - 0x30) =  *(__ebp - 0x30) + 0x15d;
																							 *(__ebp - 0x44) =  *(__ebp - 0x30) + 0x15d;
																						}
																					}
																					 *(__ebp + 0x14) =  *(__ebp + 0x14) + 8;
																					 *(__ebp + 0x14) =  *(__ebp + 0x14) + 8;
																					__eax =  *(__ebp + 0x14);
																					__ecx =  *(__eax - 8);
																					__edx =  *(__eax - 4);
																					 *(__ebp - 0x2a8) =  *(__eax - 8);
																					 *(__ebp - 0x2a4) =  *(__eax - 4);
																					__ecx = __ebp - 0x40;
																					_push(E0040D3B0(__ebp - 0x40));
																					__eax =  *(__ebp - 0x2c);
																					_push( *(__ebp - 0x2c));
																					__ecx =  *(__ebp - 0x30);
																					_push( *(__ebp - 0x30));
																					__edx =  *((char*)(__ebp - 0x251));
																					_push( *((char*)(__ebp - 0x251)));
																					__eax =  *(__ebp - 0x44);
																					_push( *(__ebp - 0x44));
																					__ecx =  *(__ebp - 4);
																					_push( *(__ebp - 4));
																					__edx = __ebp - 0x2a8;
																					_push(__ebp - 0x2a8);
																					__eax =  *0x60b3cc; // 0x7e8c4bdb
																					__eax =  *__eax();
																					__esp = __esp + 0x1c;
																					 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000080;
																					if(( *(__ebp - 0x10) & 0x00000080) != 0 &&  *(__ebp - 0x30) == 0) {
																						__ecx = __ebp - 0x40;
																						_push(E0040D3B0(__ebp - 0x40));
																						__edx =  *(__ebp - 4);
																						_push( *(__ebp - 4));
																						__eax =  *0x60b3d8; // 0x7e8c4bdb
																						__eax =  *__eax();
																						__esp = __esp + 8;
																					}
																					__ecx =  *((char*)(__ebp - 0x251));
																					if( *((char*)(__ebp - 0x251)) == 0x67) {
																						 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000080;
																						if(( *(__ebp - 0x10) & 0x00000080) == 0) {
																							__ecx = __ebp - 0x40;
																							_push(E0040D3B0(__ebp - 0x40));
																							__eax =  *(__ebp - 4);
																							_push( *(__ebp - 4));
																							__ecx =  *0x60b3d4; // 0x7e8c4bdb
																							E00410200(__ecx) =  *__eax();
																							__esp = __esp + 8;
																						}
																					}
																					__edx =  *(__ebp - 4);
																					__eax =  *( *(__ebp - 4));
																					if( *( *(__ebp - 4)) == 0x2d) {
																						 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000100;
																						 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000100;
																						 *(__ebp - 4) =  *(__ebp - 4) + 1;
																						 *(__ebp - 4) =  *(__ebp - 4) + 1;
																					}
																					__eax =  *(__ebp - 4);
																					 *(__ebp - 0x24) = E0040DC40( *(__ebp - 4));
																					goto L190;
																				}
																				L127:
																				__ecx =  *((char*)(__ebp - 0x251));
																				if(__ecx != 0x67) {
																					goto L129;
																				}
																				L128:
																				 *(__ebp - 0x30) = 1;
																				goto L131;
																			}
																			L125:
																			 *(__ebp - 0x30) = 6;
																			goto L131;
																		case 6:
																			L75:
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000810;
																			if(( *(__ebp - 0x10) & 0x00000810) == 0) {
																				__ebp + 0x14 = E0041C290(__ebp + 0x14);
																				 *(__ebp - 0x284) = __ax;
																				__cl =  *(__ebp - 0x284);
																				 *(__ebp - 0x248) = __cl;
																				 *(__ebp - 0x24) = 1;
																			} else {
																				 *(__ebp - 0x280) = 0;
																				__edx = __ebp + 0x14;
																				__eax = E0041C2D0(__ebp + 0x14);
																				 *(__ebp - 0x258) = __ax;
																				__eax =  *(__ebp - 0x258) & 0x0000ffff;
																				__ecx = __ebp - 0x248;
																				__edx = __ebp - 0x24;
																				 *(__ebp - 0x280) = E004212A0(__ebp - 0x24, __ebp - 0x248, 0x200,  *(__ebp - 0x258) & 0x0000ffff);
																				if( *(__ebp - 0x280) != 0) {
																					 *(__ebp - 0x28) = 1;
																				}
																			}
																			__edx = __ebp - 0x248;
																			 *(__ebp - 4) = __ebp - 0x248;
																			goto L190;
																		case 7:
																			L144:
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000040;
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000040;
																			 *(__ebp - 8) = 0xa;
																			goto L153;
																		case 8:
																			L109:
																			__ecx = __ebp + 0x14;
																			 *(__ebp - 0x298) = E0041C290(__ebp + 0x14);
																			if(E00420F80() != 0) {
																				L119:
																				 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000020;
																				if(( *(__ebp - 0x10) & 0x00000020) == 0) {
																					__edx =  *(__ebp - 0x298);
																					__eax =  *(__ebp - 0x24c);
																					 *( *(__ebp - 0x298)) =  *(__ebp - 0x24c);
																				} else {
																					__eax =  *(__ebp - 0x298);
																					 *( *(__ebp - 0x298)) =  *(__ebp - 0x24c);
																				}
																				 *(__ebp - 0x28) = 1;
																				goto L190;
																			}
																			L110:
																			__edx = 0;
																			if(0 == 0) {
																				 *(__ebp - 0x32c) = 0;
																			} else {
																				 *(__ebp - 0x32c) = 1;
																			}
																			__eax =  *(__ebp - 0x32c);
																			 *(__ebp - 0x29c) =  *(__ebp - 0x32c);
																			if( *(__ebp - 0x29c) == 0) {
																				_push(L"(\"\'n\' format specifier disabled\", 0)");
																				_push(0);
																				_push(0x695);
																				_push(L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c");
																				_push(2);
																				__eax = L0040E1A0();
																				__esp = __esp + 0x14;
																				if(__eax == 1) {
																					asm("int3");
																				}
																			}
																			if( *(__ebp - 0x29c) != 0) {
																				L118:
																				goto L190;
																			} else {
																				L117:
																				 *((intOrPtr*)(L0040EC70(__ecx))) = 0x16;
																				__eax = E00411A50(__ebx, __ecx, __edi, __esi, L"(\"\'n\' format specifier disabled\", 0)", L"_output_s_l", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c", 0x695, 0);
																				 *(__ebp - 0x2f8) = 0xffffffff;
																				__ecx = __ebp - 0x40;
																				__eax = E0040D380(__ecx);
																				__eax =  *(__ebp - 0x2f8);
																				goto L229;
																			}
																		case 9:
																			L151:
																			 *(__ebp - 8) = 8;
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000080;
																			if(( *(__ebp - 0x10) & 0x00000080) != 0) {
																				 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000200;
																				 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000200;
																			}
																			goto L153;
																		case 0xa:
																			L145:
																			 *(__ebp - 0x30) = 8;
																			goto L146;
																		case 0xb:
																			L90:
																			if( *(__ebp - 0x30) != 0xffffffff) {
																				__edx =  *(__ebp - 0x30);
																				 *(__ebp - 0x328) =  *(__ebp - 0x30);
																			} else {
																				 *(__ebp - 0x328) = 0x7fffffff;
																			}
																			__eax =  *(__ebp - 0x328);
																			 *(__ebp - 0x290) =  *(__ebp - 0x328);
																			__ecx = __ebp + 0x14;
																			 *(__ebp - 4) = E0041C290(__ebp + 0x14);
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000810;
																			if(( *(__ebp - 0x10) & 0x00000810) == 0) {
																				L101:
																				if( *(__ebp - 4) == 0) {
																					__edx =  *0x60b4f0; // 0x407424
																					 *(__ebp - 4) = __edx;
																				}
																				__eax =  *(__ebp - 4);
																				 *(__ebp - 0x28c) =  *(__ebp - 4);
																				while(1) {
																					L104:
																					__ecx =  *(__ebp - 0x290);
																					 *(__ebp - 0x290) =  *(__ebp - 0x290) - 1;
																					 *(__ebp - 0x290) =  *(__ebp - 0x290) - 1;
																					if(__ecx == 0) {
																						break;
																					}
																					L105:
																					__eax =  *(__ebp - 0x28c);
																					__ecx =  *( *(__ebp - 0x28c));
																					if(__ecx == 0) {
																						break;
																					}
																					L106:
																					 *(__ebp - 0x28c) =  *(__ebp - 0x28c) + 1;
																					 *(__ebp - 0x28c) =  *(__ebp - 0x28c) + 1;
																				}
																				L107:
																				 *(__ebp - 0x28c) =  *(__ebp - 0x28c) -  *(__ebp - 4);
																				 *(__ebp - 0x24) =  *(__ebp - 0x28c) -  *(__ebp - 4);
																				goto L108;
																			} else {
																				L94:
																				if( *(__ebp - 4) == 0) {
																					__eax =  *0x60b4f4; // 0x407414
																					 *(__ebp - 4) = __eax;
																				}
																				 *(__ebp - 0xc) = 1;
																				__ecx =  *(__ebp - 4);
																				 *(__ebp - 0x294) =  *(__ebp - 4);
																				while(1) {
																					L97:
																					__edx =  *(__ebp - 0x290);
																					 *(__ebp - 0x290) =  *(__ebp - 0x290) - 1;
																					 *(__ebp - 0x290) =  *(__ebp - 0x290) - 1;
																					if( *(__ebp - 0x290) == 0) {
																						break;
																					}
																					L98:
																					__ecx =  *(__ebp - 0x294);
																					__edx =  *( *(__ebp - 0x294)) & 0x0000ffff;
																					if(( *( *(__ebp - 0x294)) & 0x0000ffff) == 0) {
																						break;
																					}
																					L99:
																					 *(__ebp - 0x294) =  *(__ebp - 0x294) + 2;
																					 *(__ebp - 0x294) =  *(__ebp - 0x294) + 2;
																				}
																				L100:
																				 *(__ebp - 0x294) =  *(__ebp - 0x294) -  *(__ebp - 4);
																				__ecx =  *(__ebp - 0x294) -  *(__ebp - 4) >> 1;
																				 *(__ebp - 0x24) = __ecx;
																				L108:
																				goto L190;
																			}
																		case 0xc:
																			goto L0;
																		case 0xd:
																			L147:
																			 *((intOrPtr*)(__ebp - 0x260)) = 0x27;
																			L148:
																			 *(__ebp - 8) = 0x10;
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000080;
																			if(( *(__ebp - 0x10) & 0x00000080) != 0) {
																				 *((char*)(__ebp - 0x14)) = 0x30;
																				 *((intOrPtr*)(__ebp - 0x260)) =  *((intOrPtr*)(__ebp - 0x260)) + 0x51;
																				 *((char*)(__ebp - 0x13)) = __al;
																				 *(__ebp - 0x1c) = 2;
																			}
																			goto L153;
																		case 0xe:
																			goto L190;
																	}
																}
															}
														}
													}
												}
											}
										}
									}
								}
							}
						}
					}
				}
			}

0x0042200b
0x0042200b
0x0042200b
0x0042200b
0x0042200b
0x0042200b
0x0042200b
0x0042200b
0x00000000
0x0042207a
0x00000000
0x0042207a
0x00000000
0x0042207a
0x0042207a
0x00422082
0x004220a4
0x004220aa
0x004220cf
0x00422116
0x00422119
0x0042213a
0x0042213f
0x00422144
0x0042214a
0x0042211b
0x0042211f
0x00422124
0x00422127
0x00422128
0x0042212e
0x0042212e
0x004220d1
0x004220d4
0x004220d7
0x004220f9
0x004220fe
0x00422104
0x00422105
0x0042210b
0x004220d9
0x004220dd
0x004220e2
0x004220e6
0x004220e7
0x004220ed
0x004220ed
0x00422111
0x004220ac
0x004220b0
0x004220b5
0x004220b8
0x004220be
0x004220be
0x00422084
0x00422088
0x0042208d
0x00422090
0x00422096
0x00422096
0x00422156
0x00422198
0x0042219e
0x004221aa
0x00000000
0x00422158
0x00422158
0x00422158
0x0042215f
0x00000000
0x0042216c
0x0042216c
0x0042217a
0x0042217f
0x00422185
0x00422193
0x004221b0
0x004221b8
0x004221da
0x004221da
0x004221e4
0x004221f5
0x004221ff
0x00422201
0x00422201
0x004221e6
0x004221e6
0x004221e6
0x00422214
0x00422216
0x00422216
0x00422220
0x00422223
0x00422223
0x00422229
0x0042222c
0x00422231
0x00000000
0x00000000
0x00422241
0x00422244
0x0042224e
0x0042225d
0x00422266
0x0042227c
0x00422282
0x0042228f
0x0042229d
0x0042229d
0x004222ac
0x004222b4
0x004222b4
0x004222bc
0x004222c2
0x004222cb
0x004222d7
0x004222f0
0x004222f6
0x004222ff
0x004222ff
0x00000000
0x00422302
0x00000000
0x00422302
0x00000000
0x00422302
0x00000000
0x00422302
0x00000000
0x00422302
0x00000000
0x00422302
0x00000000
0x00422302
0x00422302
0x00422302
0x00422306
0x004224ed
0x004224f1
0x004224f9
0x004224fe
0x00422501
0x00422501
0x00422508
0x00422508
0x004215df
0x004215e5
0x004215f2
0x004215f7
0x00000000
0x0042160a
0x00421614
0x0042163b
0x00421622
0x00421633
0x00421633
0x00421614
0x00421645
0x0042164b
0x00421657
0x0042165a
0x00421668
0x0042166b
0x00421678
0x0042171d
0x00421723
0x00421730
0x00000000
0x00000000
0x00421736
0x0042173c
0x00000000
0x00421743
0x00421743
0x0042175b
0x00421760
0x00421765
0x0042181f
0x00421832
0x00421837
0x00000000
0x0042176b
0x0042177e
0x00421783
0x00421789
0x0042178b
0x00421794
0x00421797
0x004217a3
0x004217a7
0x004217ad
0x004217af
0x004217b4
0x004217b6
0x004217bb
0x004217c0
0x004217c2
0x004217c7
0x004217cd
0x004217cf
0x004217cf
0x004217cd
0x004217d0
0x004217d7
0x00000000
0x004217d9
0x004217de
0x004217fa
0x00421802
0x0042180f
0x00421814
0x00000000
0x00421814
0x004217d7
0x00000000
0x0042183f
0x0042183f
0x00421846
0x00421849
0x0042184c
0x0042184f
0x00421852
0x00421855
0x00421858
0x0042185f
0x00421866
0x00000000
0x00000000
0x00421872
0x00421872
0x00421879
0x00421885
0x00421888
0x00421895
0x00000000
0x00000000
0x00421897
0x00421897
0x0042189d
0x0042189d
0x004218a4
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004218e7
0x004218e7
0x004218f1
0x0042191b
0x0042191e
0x00421921
0x00421928
0x00421928
0x0042192c
0x004218f3
0x004218f3
0x004218ff
0x00421906
0x00421908
0x0042190b
0x0042190e
0x00421914
0x00421916
0x00421916
0x00421919
0x00000000
0x00000000
0x00421934
0x00421934
0x00000000
0x00000000
0x00421940
0x00421940
0x0042194a
0x0042196d
0x00421977
0x00421977
0x0042197b
0x0042194c
0x0042194c
0x00421958
0x0042195f
0x00421961
0x00421961
0x00421968
0x00000000
0x00000000
0x00421983
0x00421983
0x0042198a
0x00421996
0x00421999
0x004219a6
0x00421ab9
0x00000000
0x00421ab9
0x004219ac
0x004219ac
0x004219b2
0x004219b2
0x004219b9
0x00000000
0x004219ef
0x004219ef
0x004219f2
0x004219f8
0x00421a20
0x00421a20
0x00421a23
0x00421a29
0x00421a4e
0x00421a4e
0x00421a51
0x00421a57
0x00421a90
0x00421aa1
0x00000000
0x00421aa1
0x00421a59
0x00421a59
0x00421a5c
0x00421a62
0x00000000
0x00000000
0x00421a64
0x00421a64
0x00421a67
0x00421a6d
0x00000000
0x00000000
0x00421a6f
0x00421a6f
0x00421a72
0x00421a78
0x00000000
0x00000000
0x00421a7a
0x00421a7a
0x00421a7d
0x00421a83
0x00000000
0x00000000
0x00421a85
0x00421a85
0x00421a88
0x00421a8e
0x00421a92
0x00421a92
0x00000000
0x00421a92
0x00000000
0x00421a8e
0x00421a2b
0x00421a2b
0x00421a2e
0x00421a35
0x00000000
0x00000000
0x00421a37
0x00421a3a
0x00421a3d
0x00421a40
0x00421a43
0x00421a49
0x00000000
0x00421a49
0x004219fa
0x004219fa
0x004219fd
0x00421a04
0x00000000
0x00000000
0x00421a06
0x00421a09
0x00421a0c
0x00421a0f
0x00421a12
0x00421a18
0x00000000
0x00000000
0x00421aa3
0x00421aa6
0x00421aa9
0x00000000
0x00000000
0x004219c0
0x004219c0
0x004219c3
0x004219c9
0x004219e1
0x004219e4
0x004219e7
0x004219cb
0x004219ce
0x004219d1
0x004219d7
0x004219dc
0x004219dc
0x00000000
0x00000000
0x00421aae
0x00421ab1
0x00421ab6
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004218c1
0x004218c4
0x004218c7
0x00000000
0x00000000
0x004218cc
0x004218cf
0x004218d4
0x00000000
0x00000000
0x004218b6
0x004218b6
0x004218b9
0x004218bc
0x00000000
0x00000000
0x004218ab
0x004218ae
0x004218b1
0x00000000
0x00000000
0x004218d9
0x004218d9
0x004218dc
0x004218df
0x00000000
0x00000000
0x004218e2
0x00000000
0x00000000
0x0042167e
0x00421680
0x0042168e
0x00421682
0x00421682
0x00421682
0x00421698
0x0042169e
0x004216ab
0x004216ad
0x004216b2
0x004216b4
0x004216b9
0x004216be
0x004216c0
0x004216c5
0x004216cb
0x004216cd
0x004216cd
0x004216cb
0x004216ce
0x004216d5
0x00000000
0x004216d7
0x004216dc
0x004216f8
0x00421700
0x0042170d
0x00421712
0x004225d1
0x004225de
0x004225de
0x004216d5
0x00421678
0x0042250d
0x00422514
0x0042252b
0x0042251f
0x0042251f
0x0042251f
0x00422535
0x0042253b
0x00422548
0x0042254a
0x0042254f
0x00422551
0x00422556
0x0042255b
0x0042255d
0x00422562
0x00422568
0x0042256a
0x0042256a
0x00422568
0x00422572
0x004225bd
0x004225c6
0x004225cb
0x00422574
0x00422579
0x00422595
0x0042259d
0x004225aa
0x004225af
0x004225af
0x00000000
0x00422572
0x0042230c
0x00422312
0x0042231c
0x00422331
0x00422346
0x00422348
0x0042234c
0x0042234c
0x00422333
0x00422333
0x00422337
0x00422337
0x0042231e
0x0042231e
0x00422322
0x00422322
0x0042231c
0x0042235c
0x00422368
0x0042237e
0x00422383
0x00422383
0x00422399
0x0042239e
0x004223a7
0x004223c5
0x004223ca
0x004223ca
0x004223d1
0x004224a5
0x004224b8
0x004224bd
0x00000000
0x004223e1
0x004223e1
0x004223e1
0x004223ee
0x004223f7
0x004223fd
0x004223fd
0x0042240c
0x00422414
0x00000000
0x00000000
0x0042241a
0x00422423
0x00422442
0x00422447
0x0042244a
0x00422459
0x00422466
0x00422471
0x00422471
0x00000000
0x0042247d
0x0042247d
0x00422496
0x0042249b
0x00000000
0x0042249b
0x00422466
0x004224a3
0x004224c0
0x004224c7
0x004224e5
0x004224ea
0x004224ea
0x00000000
0x004224c7
0x00421abe
0x00421abe
0x00421ac5
0x00421acb
0x00421ad1
0x00421ad4
0x00421ada
0x00421aed
0x00421aed
0x00421af4
0x00000000
0x00421e4e
0x00421e4e
0x00421e55
0x00421e5c
0x00421e5f
0x00000000
0x00000000
0x00421afb
0x00421afe
0x00421b04
0x00421b09
0x00421b0e
0x00421b0e
0x00000000
0x00000000
0x00421c3b
0x00421c3e
0x00421c43
0x00421c48
0x00421c4e
0x00421c4e
0x00000000
0x00000000
0x0042201b
0x0042201b
0x00000000
0x00000000
0x00421ba5
0x00421ba5
0x00421bb1
0x00421bbe
0x00421bcc
0x00421bcc
0x00421bd2
0x00421bd5
0x00421be1
0x00421c36
0x00000000
0x00421c36
0x00421bc0
0x00421bc0
0x00421bca
0x00421be6
0x00421be9
0x00421bef
0x00421c17
0x00421c1e
0x00421c24
0x00421c27
0x00421c2a
0x00421c30
0x00421c33
0x00421bf1
0x00421bf1
0x00421bf7
0x00421bfa
0x00421bfd
0x00421c03
0x00421c06
0x00421c09
0x00421c0b
0x00421c0e
0x00421c0e
0x00000000
0x00421bef
0x00000000
0x00000000
0x00421e65
0x00421e68
0x00421e6b
0x00421e6e
0x00421e74
0x00421e77
0x00421e82
0x00421e8d
0x00421e91
0x00421ea8
0x00421eaf
0x00421eb1
0x00421eb1
0x00421eb8
0x00421ebf
0x00421ed0
0x00421edf
0x00421ee6
0x00421efc
0x00421ee8
0x00421ee8
0x00421eeb
0x00421ef1
0x00421ef7
0x00421ef7
0x00421ee6
0x00421f06
0x00421f09
0x00421f0c
0x00421f0f
0x00421f12
0x00421f15
0x00421f1b
0x00421f21
0x00421f29
0x00421f2a
0x00421f2d
0x00421f2e
0x00421f31
0x00421f32
0x00421f39
0x00421f3a
0x00421f3d
0x00421f3e
0x00421f41
0x00421f42
0x00421f48
0x00421f49
0x00421f57
0x00421f59
0x00421f5f
0x00421f65
0x00421f6d
0x00421f75
0x00421f76
0x00421f79
0x00421f7a
0x00421f88
0x00421f8a
0x00421f8a
0x00421f8d
0x00421f97
0x00421f9c
0x00421fa2
0x00421fa4
0x00421fac
0x00421fad
0x00421fb0
0x00421fb1
0x00421fc0
0x00421fc2
0x00421fc2
0x00421fa2
0x00421fc5
0x00421fc8
0x00421fce
0x00421fd3
0x00421fd9
0x00421fdf
0x00421fe2
0x00421fe2
0x00421fe5
0x00421ff1
0x00000000
0x00421ff1
0x00421e93
0x00421e93
0x00421e9d
0x00000000
0x00000000
0x00421e9f
0x00421e9f
0x00000000
0x00421e9f
0x00421e84
0x00421e84
0x00000000
0x00000000
0x00421b11
0x00421b14
0x00421b1a
0x00421b75
0x00421b7d
0x00421b84
0x00421b8a
0x00421b90
0x00421b1c
0x00421b1c
0x00421b26
0x00421b2a
0x00421b32
0x00421b39
0x00421b46
0x00421b4d
0x00421b59
0x00421b66
0x00421b68
0x00421b68
0x00421b6f
0x00421b97
0x00421b9d
0x00000000
0x00000000
0x00421ff9
0x00421ffc
0x00421fff
0x00422002
0x00000000
0x00000000
0x00421d57
0x00421d57
0x00421d63
0x00421d70
0x00421e1a
0x00421e1d
0x00421e20
0x00421e34
0x00421e3a
0x00421e40
0x00421e22
0x00421e22
0x00421e2f
0x00421e2f
0x00421e42
0x00000000
0x00421e42
0x00421d76
0x00421d76
0x00421d78
0x00421d86
0x00421d7a
0x00421d7a
0x00421d7a
0x00421d90
0x00421d96
0x00421da3
0x00421da5
0x00421daa
0x00421dac
0x00421db1
0x00421db6
0x00421db8
0x00421dbd
0x00421dc3
0x00421dc5
0x00421dc5
0x00421dc3
0x00421dcd
0x00421e15
0x00000000
0x00421dcf
0x00421dcf
0x00421dd4
0x00421df0
0x00421df8
0x00421e02
0x00421e05
0x00421e0a
0x00000000
0x00421e0a
0x00000000
0x0042205c
0x0042205c
0x00422066
0x0042206c
0x00422071
0x00422077
0x00422077
0x00000000
0x00000000
0x00422014
0x00422014
0x00000000
0x00000000
0x00421c51
0x00421c55
0x00421c63
0x00421c66
0x00421c57
0x00421c57
0x00421c57
0x00421c6c
0x00421c72
0x00421c78
0x00421c84
0x00421c8a
0x00421c90
0x00421cf7
0x00421cfb
0x00421cfd
0x00421d03
0x00421d03
0x00421d06
0x00421d09
0x00421d0f
0x00421d0f
0x00421d0f
0x00421d1b
0x00421d1e
0x00421d26
0x00000000
0x00000000
0x00421d28
0x00421d28
0x00421d2e
0x00421d33
0x00000000
0x00000000
0x00421d35
0x00421d3b
0x00421d3e
0x00421d3e
0x00421d46
0x00421d4c
0x00421d4f
0x00000000
0x00421c92
0x00421c92
0x00421c96
0x00421c98
0x00421c9d
0x00421c9d
0x00421ca0
0x00421ca7
0x00421caa
0x00421cb0
0x00421cb0
0x00421cb0
0x00421cbc
0x00421cbf
0x00421cc7
0x00000000
0x00000000
0x00421cc9
0x00421cc9
0x00421ccf
0x00421cd4
0x00000000
0x00000000
0x00421cd6
0x00421cdc
0x00421cdf
0x00421cdf
0x00421ce7
0x00421ced
0x00421cf0
0x00421cf2
0x00421d52
0x00000000
0x00421d52
0x00000000
0x00000000
0x00000000
0x00422027
0x00422027
0x00422031
0x00422031
0x0042203b
0x00422041
0x00422043
0x0042204d
0x00422050
0x00422053
0x00422053
0x00000000
0x00000000
0x00000000
0x00000000
0x00421af4
0x00422302
0x00422302
0x00422302
0x00422302
0x00422302
0x00422302
0x00422302
0x0042215f
0x00422156
0x0042207a
0x0042207a
0x0042207a

APIs

_get_int64_arg.LIBCMTD ref: 00422088
_get_int64_arg.LIBCMTD ref: 004220B0
__aullrem.LIBCMT ref: 00422255
__aulldiv.LIBCMT ref: 00422277

Strings

9, xrefs: 00422288

Memory Dump Source

Source File: 00000000.00000002.254379313.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.254298173.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.254460883.0000000000427000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255654257.000000000060A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255687103.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255765961.0000000000635000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_mzQcZawXvh.jbxd

Similarity

API ID: _get_int64_arg$__aulldiv__aullrem
String ID: 9
API String ID: 2124759748-2366072709
Opcode ID: 9d9122a8fd2368d2df23634e3781078bab4f14e8da9bcb78073d504c68f81e25
Instruction ID: e0798f233720da64f2ad7f2530df58488c946775afdde6470691a20e54dbd768
Opcode Fuzzy Hash: 9d9122a8fd2368d2df23634e3781078bab4f14e8da9bcb78073d504c68f81e25
Instruction Fuzzy Hash: CF41F5B1E05229EFDB64CF48DD89BAEB7B5BB44300F6081DAE509A7240C7785E81CF59

Uniqueness

Uniqueness Score: -1.00%

Function 004238AD Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 95
COMMON

Download Yara Rule

C-Code - Quality: 67%

			E004238AD(intOrPtr __ebx, signed int __edx, intOrPtr __edi, intOrPtr __esi) {
				signed int _t483;
				signed int _t502;
				void* _t507;
				signed int _t509;
				void* _t517;
				void* _t535;
				intOrPtr _t539;
				signed int _t556;
				signed short _t557;
				signed int _t560;
				signed int _t563;
				signed int _t564;
				intOrPtr _t565;
				signed int _t619;
				signed int _t621;
				signed int _t623;
				signed int _t630;
				signed int _t642;
				signed int _t669;
				intOrPtr _t670;
				intOrPtr _t671;
				signed int _t672;
				void* _t674;
				void* _t675;
				signed int _t681;

				L0:
				while(1) {
					L0:
					_t671 = __esi;
					_t670 = __edi;
					_t619 = __edx;
					_t565 = __ebx;
					 *(_t672 - 8) = 0xa;
					L150:
					while(1) {
						L150:
						while(1) {
							L150:
							while(1) {
								L150:
								if(( *(_t672 - 0x10) & 0x00008000) == 0) {
									_t621 =  *(_t672 - 0x10) & 0x00001000;
									if(_t621 == 0) {
										if(( *(_t672 - 0x10) & 0x00000020) == 0) {
											_t623 =  *(_t672 - 0x10) & 0x00000040;
											if(_t623 == 0) {
												_t483 = E0041C290(_t672 + 0x14);
												_t675 = _t674 + 4;
												 *(_t672 - 0x4a0) = _t483;
												 *(_t672 - 0x49c) = 0;
											} else {
												_t556 = E0041C290(_t672 + 0x14);
												_t675 = _t674 + 4;
												asm("cdq");
												 *(_t672 - 0x4a0) = _t556;
												 *(_t672 - 0x49c) = _t623;
											}
										} else {
											_t669 =  *(_t672 - 0x10) & 0x00000040;
											if(_t669 == 0) {
												_t557 = E0041C290(_t672 + 0x14);
												_t675 = _t674 + 4;
												asm("cdq");
												 *(_t672 - 0x4a0) = _t557 & 0x0000ffff;
												 *(_t672 - 0x49c) = _t669;
											} else {
												_t560 = E0041C290(_t672 + 0x14);
												_t675 = _t674 + 4;
												asm("cdq");
												 *(_t672 - 0x4a0) = _t560;
												 *(_t672 - 0x49c) = _t669;
											}
										}
									} else {
										_t563 = E0041C2B0(_t672 + 0x14);
										_t675 = _t674 + 4;
										 *(_t672 - 0x4a0) = _t563;
										 *(_t672 - 0x49c) = _t621;
									}
								} else {
									_t564 = E0041C2B0(_t672 + 0x14);
									_t675 = _t674 + 4;
									 *(_t672 - 0x4a0) = _t564;
									 *(_t672 - 0x49c) = _t619;
								}
								if(( *(_t672 - 0x10) & 0x00000040) == 0) {
									L167:
									 *(_t672 - 0x4a8) =  *(_t672 - 0x4a0);
									 *(_t672 - 0x4a4) =  *(_t672 - 0x49c);
									goto L168;
								} else {
									L163:
									_t681 =  *(_t672 - 0x49c);
									if(_t681 > 0 || _t681 >= 0 &&  *(_t672 - 0x4a0) >= 0) {
										goto L167;
									} else {
										L166:
										asm("adc edx, 0x0");
										 *(_t672 - 0x4a8) =  ~( *(_t672 - 0x4a0));
										 *(_t672 - 0x4a4) =  ~( *(_t672 - 0x49c));
										 *(_t672 - 0x10) =  *(_t672 - 0x10) | 0x00000100;
										L168:
										if(( *(_t672 - 0x10) & 0x00008000) == 0 && ( *(_t672 - 0x10) & 0x00001000) == 0) {
											 *(_t672 - 0x4a4) =  *(_t672 - 0x4a4) & 0x00000000;
										}
										if( *(_t672 - 0x30) >= 0) {
											 *(_t672 - 0x10) =  *(_t672 - 0x10) & 0xfffffff7;
											if( *(_t672 - 0x30) > 0x200) {
												 *(_t672 - 0x30) = 0x200;
											}
										} else {
											 *(_t672 - 0x30) = 1;
										}
										if(( *(_t672 - 0x4a8) |  *(_t672 - 0x4a4)) == 0) {
											 *(_t672 - 0x1c) = 0;
										}
										 *((intOrPtr*)(_t672 - 4)) = _t672 - 0x249;
										while(1) {
											L178:
											_t629 =  *(_t672 - 0x30) - 1;
											 *(_t672 - 0x30) =  *(_t672 - 0x30) - 1;
											if( *(_t672 - 0x30) <= 0 && ( *(_t672 - 0x4a8) |  *(_t672 - 0x4a4)) == 0) {
												break;
											}
											L180:
											asm("cdq");
											_t630 =  *(_t672 - 0x4a8);
											 *((intOrPtr*)(_t672 - 0x494)) = E0041CE40(_t630,  *(_t672 - 0x4a4),  *(_t672 - 8), _t629) + 0x30;
											asm("cdq");
											 *(_t672 - 0x4a8) = E0041CDD0( *(_t672 - 0x4a8),  *(_t672 - 0x4a4),  *(_t672 - 8), _t630);
											 *(_t672 - 0x4a4) = _t630;
											if( *((intOrPtr*)(_t672 - 0x494)) > 0x39) {
												 *((intOrPtr*)(_t672 - 0x494)) =  *((intOrPtr*)(_t672 - 0x494)) +  *((intOrPtr*)(_t672 - 0x460));
											}
											 *((char*)( *((intOrPtr*)(_t672 - 4)))) =  *((intOrPtr*)(_t672 - 0x494));
											 *((intOrPtr*)(_t672 - 4)) =  *((intOrPtr*)(_t672 - 4)) - 1;
										}
										L183:
										 *((intOrPtr*)(_t672 - 0x24)) = _t672 - 0x249 -  *((intOrPtr*)(_t672 - 4));
										 *((intOrPtr*)(_t672 - 4)) =  *((intOrPtr*)(_t672 - 4)) + 1;
										if(( *(_t672 - 0x10) & 0x00000200) != 0 && ( *((intOrPtr*)(_t672 - 0x24)) == 0 ||  *((char*)( *((intOrPtr*)(_t672 - 4)))) != 0x30)) {
											 *((intOrPtr*)(_t672 - 4)) =  *((intOrPtr*)(_t672 - 4)) - 1;
											 *((char*)( *((intOrPtr*)(_t672 - 4)))) = 0x30;
											 *((intOrPtr*)(_t672 - 0x24)) =  *((intOrPtr*)(_t672 - 0x24)) + 1;
										}
										L187:
										while(1) {
											L187:
											while(1) {
												L187:
												while(1) {
													L187:
													while(1) {
														L187:
														while(1) {
															L187:
															while(1) {
																L187:
																while(1) {
																	do {
																		L187:
																		if( *((intOrPtr*)(_t672 - 0x28)) != 0) {
																			L212:
																			if( *(_t672 - 0x20) != 0) {
																				L0040C240( *(_t672 - 0x20), 2);
																				_t675 = _t675 + 8;
																				 *(_t672 - 0x20) = 0;
																			}
																			while(1) {
																				L214:
																				 *(_t672 - 0x454) =  *((intOrPtr*)( *((intOrPtr*)(_t672 + 0xc))));
																				_t578 =  *(_t672 - 0x454) & 0x0000ffff;
																				 *((intOrPtr*)(_t672 + 0xc)) =  *((intOrPtr*)(_t672 + 0xc)) + 2;
																				if(( *(_t672 - 0x454) & 0x0000ffff) == 0 ||  *(_t672 - 0x44c) < 0) {
																					break;
																				} else {
																					if(( *(_t672 - 0x454) & 0x0000ffff) < 0x20 || ( *(_t672 - 0x454) & 0x0000ffff) > 0x78) {
																						 *(_t672 - 0x4d8) = 0;
																					} else {
																						 *(_t672 - 0x4d8) =  *(( *(_t672 - 0x454) & 0x0000ffff) + L"pecifier\", 0)") & 0xf;
																					}
																				}
																				L7:
																				 *(_t672 - 0x450) =  *(_t672 - 0x4d8);
																				_t642 =  *(_t672 - 0x450) * 9;
																				_t509 =  *(_t672 - 0x45c);
																				_t586 = ( *(_t642 + _t509 + 0x4083d0) & 0x000000ff) >> 4;
																				 *(_t672 - 0x45c) = ( *(_t642 + _t509 + 0x4083d0) & 0x000000ff) >> 4;
																				if( *(_t672 - 0x45c) != 8) {
																					L16:
																					 *(_t672 - 0x4e0) =  *(_t672 - 0x45c);
																					if( *(_t672 - 0x4e0) > 7) {
																						continue;
																					}
																					L17:
																					switch( *((intOrPtr*)( *(_t672 - 0x4e0) * 4 +  &M00423E84))) {
																						case 0:
																							L18:
																							 *(_t672 - 0xc) = 1;
																							E00423F90( *(_t672 - 0x454) & 0x0000ffff,  *((intOrPtr*)(_t672 + 8)), _t672 - 0x44c);
																							_t675 = _t675 + 0xc;
																							goto L214;
																						case 1:
																							L19:
																							 *(__ebp - 0x2c) = 0;
																							__ecx =  *(__ebp - 0x2c);
																							 *(__ebp - 0x28) = __ecx;
																							__edx =  *(__ebp - 0x28);
																							 *(__ebp - 0x18) =  *(__ebp - 0x28);
																							__eax =  *(__ebp - 0x18);
																							 *(__ebp - 0x1c) =  *(__ebp - 0x18);
																							 *(__ebp - 0x10) = 0;
																							 *(__ebp - 0x30) = 0xffffffff;
																							 *(__ebp - 0xc) = 0;
																							goto L214;
																						case 2:
																							L20:
																							__ecx =  *(__ebp - 0x454) & 0x0000ffff;
																							 *(__ebp - 0x4e4) = __ecx;
																							 *(__ebp - 0x4e4) =  *(__ebp - 0x4e4) - 0x20;
																							 *(__ebp - 0x4e4) =  *(__ebp - 0x4e4) - 0x20;
																							if( *(__ebp - 0x4e4) > 0x10) {
																								goto L27;
																							}
																							L21:
																							_t57 =  *(__ebp - 0x4e4) + 0x423ebc; // 0x498d04
																							__ecx =  *_t57 & 0x000000ff;
																							switch( *((intOrPtr*)(__ecx * 4 +  &M00423EA4))) {
																								case 0:
																									goto L24;
																								case 1:
																									goto L25;
																								case 2:
																									goto L23;
																								case 3:
																									goto L22;
																								case 4:
																									goto L26;
																								case 5:
																									goto L27;
																							}
																						case 3:
																							L28:
																							__ecx =  *(__ebp - 0x454) & 0x0000ffff;
																							if(( *(__ebp - 0x454) & 0x0000ffff) != 0x2a) {
																								 *(__ebp - 0x18) =  *(__ebp - 0x18) * 0xa;
																								_t81 = ( *(__ebp - 0x454) & 0x0000ffff) - 0x30; // -48
																								__ecx =  *(__ebp - 0x18) * 0xa + _t81;
																								 *(__ebp - 0x18) = __ecx;
																							} else {
																								__edx = __ebp + 0x14;
																								 *(__ebp - 0x18) = E0041C290(__ebp + 0x14);
																								if( *(__ebp - 0x18) < 0) {
																									 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000004;
																									 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000004;
																									__ecx =  *(__ebp - 0x18);
																									__ecx =  ~( *(__ebp - 0x18));
																									 *(__ebp - 0x18) = __ecx;
																								}
																							}
																							goto L214;
																						case 4:
																							L34:
																							 *(__ebp - 0x30) = 0;
																							goto L214;
																						case 5:
																							L35:
																							__edx =  *(__ebp - 0x454) & 0x0000ffff;
																							if(( *(__ebp - 0x454) & 0x0000ffff) != 0x2a) {
																								__ecx =  *(__ebp - 0x30);
																								__ecx =  *(__ebp - 0x30) * 0xa;
																								_t92 = ( *(__ebp - 0x454) & 0x0000ffff) - 0x30; // -48
																								__eax = __ecx + _t92;
																								 *(__ebp - 0x30) = __ecx + _t92;
																							} else {
																								__eax = __ebp + 0x14;
																								 *(__ebp - 0x30) = E0041C290(__ebp + 0x14);
																								if( *(__ebp - 0x30) < 0) {
																									 *(__ebp - 0x30) = 0xffffffff;
																								}
																							}
																							goto L214;
																						case 6:
																							L41:
																							__ecx =  *(__ebp - 0x454) & 0x0000ffff;
																							 *(__ebp - 0x4e8) = __ecx;
																							 *(__ebp - 0x4e8) =  *(__ebp - 0x4e8) - 0x49;
																							 *(__ebp - 0x4e8) =  *(__ebp - 0x4e8) - 0x49;
																							if( *(__ebp - 0x4e8) > 0x2e) {
																								L64:
																								goto L214;
																							}
																							L42:
																							_t100 =  *(__ebp - 0x4e8) + 0x423ee4; // 0x36f19003
																							__ecx =  *_t100 & 0x000000ff;
																							switch( *((intOrPtr*)(__ecx * 4 +  &M00423ED0))) {
																								case 0:
																									L47:
																									__ecx =  *(__ebp + 0xc);
																									__edx =  *( *(__ebp + 0xc)) & 0x0000ffff;
																									if(( *( *(__ebp + 0xc)) & 0x0000ffff) != 0x36) {
																										L50:
																										__ecx =  *(__ebp + 0xc);
																										__edx =  *( *(__ebp + 0xc)) & 0x0000ffff;
																										if(( *( *(__ebp + 0xc)) & 0x0000ffff) != 0x33) {
																											L53:
																											__ecx =  *(__ebp + 0xc);
																											__edx =  *__ecx & 0x0000ffff;
																											if(( *__ecx & 0x0000ffff) == 0x64) {
																												L59:
																												L61:
																												goto L64;
																											}
																											L54:
																											__eax =  *(__ebp + 0xc);
																											__ecx =  *( *(__ebp + 0xc)) & 0x0000ffff;
																											if(__ecx == 0x69) {
																												goto L59;
																											}
																											L55:
																											__edx =  *(__ebp + 0xc);
																											__eax =  *( *(__ebp + 0xc)) & 0x0000ffff;
																											if(( *( *(__ebp + 0xc)) & 0x0000ffff) == 0x6f) {
																												goto L59;
																											}
																											L56:
																											__ecx =  *(__ebp + 0xc);
																											__edx =  *__ecx & 0x0000ffff;
																											if(( *__ecx & 0x0000ffff) == 0x75) {
																												goto L59;
																											}
																											L57:
																											__eax =  *(__ebp + 0xc);
																											__ecx =  *( *(__ebp + 0xc)) & 0x0000ffff;
																											if(__ecx == 0x78) {
																												goto L59;
																											}
																											L58:
																											__edx =  *(__ebp + 0xc);
																											__eax =  *( *(__ebp + 0xc)) & 0x0000ffff;
																											if(( *( *(__ebp + 0xc)) & 0x0000ffff) != 0x58) {
																												 *(__ebp - 0x45c) = 0;
																												goto L18;
																											}
																											goto L59;
																										}
																										L51:
																										__eax =  *(__ebp + 0xc);
																										__ecx =  *( *(__ebp + 0xc) + 2) & 0x0000ffff;
																										if(__ecx != 0x32) {
																											goto L53;
																										} else {
																											 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
																											 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
																											 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0xffff7fff;
																											 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0xffff7fff;
																											goto L61;
																										}
																									}
																									L48:
																									__eax =  *(__ebp + 0xc);
																									__ecx =  *( *(__ebp + 0xc) + 2) & 0x0000ffff;
																									if(__ecx != 0x34) {
																										goto L50;
																									} else {
																										 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
																										 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
																										 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00008000;
																										 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00008000;
																										goto L61;
																									}
																								case 1:
																									L62:
																									__ecx =  *(__ebp - 0x10);
																									__ecx =  *(__ebp - 0x10) | 0x00000020;
																									 *(__ebp - 0x10) = __ecx;
																									goto L64;
																								case 2:
																									L43:
																									__edx =  *(__ebp + 0xc);
																									__eax =  *( *(__ebp + 0xc)) & 0x0000ffff;
																									if(( *( *(__ebp + 0xc)) & 0x0000ffff) != 0x6c) {
																										 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000010;
																										 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000010;
																									} else {
																										__ecx =  *(__ebp + 0xc);
																										__ecx =  *(__ebp + 0xc) + 2;
																										 *(__ebp + 0xc) = __ecx;
																										 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00001000;
																										 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00001000;
																									}
																									goto L64;
																								case 3:
																									L63:
																									 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000800;
																									 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000800;
																									goto L64;
																								case 4:
																									goto L64;
																							}
																						case 7:
																							goto L65;
																						case 8:
																							L24:
																							__ecx =  *(__ebp - 0x10);
																							__ecx =  *(__ebp - 0x10) | 0x00000002;
																							 *(__ebp - 0x10) = __ecx;
																							goto L27;
																						case 9:
																							L25:
																							 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000080;
																							 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000080;
																							goto L27;
																						case 0xa:
																							L23:
																							 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000001;
																							 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000001;
																							goto L27;
																						case 0xb:
																							L22:
																							 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000004;
																							 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000004;
																							goto L27;
																						case 0xc:
																							L26:
																							 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000008;
																							 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000008;
																							goto L27;
																						case 0xd:
																							L27:
																							goto L214;
																					}
																				} else {
																					_t640 = 0;
																					if(0 == 0) {
																						 *(_t672 - 0x4dc) = 0;
																					} else {
																						 *(_t672 - 0x4dc) = 1;
																					}
																					 *(_t672 - 0x46c) =  *(_t672 - 0x4dc);
																					if( *(_t672 - 0x46c) == 0) {
																						_push(L"(\"Incorrect format specifier\", 0)");
																						_push(0);
																						_push(0x460);
																						_push(L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c");
																						_push(2);
																						_t517 = L0040E1A0();
																						_t675 = _t675 + 0x14;
																						if(_t517 == 1) {
																							asm("int3");
																						}
																					}
																					L14:
																					if( *(_t672 - 0x46c) != 0) {
																						goto L16;
																					} else {
																						 *((intOrPtr*)(L0040EC70(_t586))) = 0x16;
																						E00411A50(_t565, _t586, _t670, _t671, L"(\"Incorrect format specifier\", 0)", L"_woutput_s_l", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c", 0x460, 0);
																						 *(_t672 - 0x4c8) = 0xffffffff;
																						E0040D380(_t672 - 0x40);
																						_t502 =  *(_t672 - 0x4c8);
																						L225:
																						return E00416CA0(_t502, _t565,  *(_t672 - 0x48) ^ _t672, _t640, _t670, _t671);
																					}
																				}
																			}
																			L215:
																			if( *(_t672 - 0x45c) == 0 ||  *(_t672 - 0x45c) == 7) {
																				 *(_t672 - 0x4f8) = 1;
																			} else {
																				 *(_t672 - 0x4f8) = 0;
																			}
																			_t640 =  *(_t672 - 0x4f8);
																			 *(_t672 - 0x4bc) =  *(_t672 - 0x4f8);
																			if( *(_t672 - 0x4bc) == 0) {
																				_push(L"((state == ST_NORMAL) || (state == ST_TYPE))");
																				_push(0);
																				_push(0x8f5);
																				_push(L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c");
																				_push(2);
																				_t507 = L0040E1A0();
																				_t675 = _t675 + 0x14;
																				if(_t507 == 1) {
																					asm("int3");
																				}
																			}
																			if( *(_t672 - 0x4bc) != 0) {
																				 *(_t672 - 0x4d4) =  *(_t672 - 0x44c);
																				E0040D380(_t672 - 0x40);
																				_t502 =  *(_t672 - 0x4d4);
																			} else {
																				 *((intOrPtr*)(L0040EC70(_t578))) = 0x16;
																				E00411A50(_t565, _t578, _t670, _t671, L"((state == ST_NORMAL) || (state == ST_TYPE))", L"_woutput_s_l", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c", 0x8f5, 0);
																				 *(_t672 - 0x4d0) = 0xffffffff;
																				E0040D380(_t672 - 0x40);
																				_t502 =  *(_t672 - 0x4d0);
																			}
																			goto L225;
																		}
																		L188:
																		if(( *(_t672 - 0x10) & 0x00000040) != 0) {
																			if(( *(_t672 - 0x10) & 0x00000100) == 0) {
																				if(( *(_t672 - 0x10) & 0x00000001) == 0) {
																					if(( *(_t672 - 0x10) & 0x00000002) != 0) {
																						 *((short*)(_t672 - 0x14)) = 0x20;
																						 *(_t672 - 0x1c) = 1;
																					}
																				} else {
																					 *((short*)(_t672 - 0x14)) = 0x2b;
																					 *(_t672 - 0x1c) = 1;
																				}
																			} else {
																				 *((short*)(_t672 - 0x14)) = 0x2d;
																				 *(_t672 - 0x1c) = 1;
																			}
																		}
																		 *((intOrPtr*)(_t672 - 0x4ac)) =  *((intOrPtr*)(_t672 - 0x18)) -  *((intOrPtr*)(_t672 - 0x24)) -  *(_t672 - 0x1c);
																		if(( *(_t672 - 0x10) & 0x0000000c) == 0) {
																			E00423FF0(0x20,  *((intOrPtr*)(_t672 - 0x4ac)),  *((intOrPtr*)(_t672 + 8)), _t672 - 0x44c);
																			_t675 = _t675 + 0x10;
																		}
																		E00424030( *(_t672 - 0x1c), _t672 - 0x14,  *(_t672 - 0x1c),  *((intOrPtr*)(_t672 + 8)), _t672 - 0x44c);
																		_t675 = _t675 + 0x10;
																		if(( *(_t672 - 0x10) & 0x00000008) != 0 && ( *(_t672 - 0x10) & 0x00000004) == 0) {
																			E00423FF0(0x30,  *((intOrPtr*)(_t672 - 0x4ac)),  *((intOrPtr*)(_t672 + 8)), _t672 - 0x44c);
																			_t675 = _t675 + 0x10;
																		}
																		if( *(_t672 - 0xc) != 0 ||  *((intOrPtr*)(_t672 - 0x24)) <= 0) {
																			L208:
																			E00424030( *((intOrPtr*)(_t672 - 0x24)),  *((intOrPtr*)(_t672 - 4)),  *((intOrPtr*)(_t672 - 0x24)),  *((intOrPtr*)(_t672 + 8)), _t672 - 0x44c);
																			_t675 = _t675 + 0x10;
																			goto L209;
																		} else {
																			L202:
																			 *((intOrPtr*)(_t672 - 0x4b0)) =  *((intOrPtr*)(_t672 - 4));
																			 *((intOrPtr*)(_t672 - 0x4b4)) =  *((intOrPtr*)(_t672 - 0x24));
																			while(1) {
																				L203:
																				 *((intOrPtr*)(_t672 - 0x4b4)) =  *((intOrPtr*)(_t672 - 0x4b4)) - 1;
																				if( *((intOrPtr*)(_t672 - 0x4b4)) <= 0) {
																					break;
																				}
																				L204:
																				_t535 = E0040D3B0(_t672 - 0x40);
																				_t539 = E00419150(_t672 - 0x458,  *((intOrPtr*)(_t672 - 0x4b0)),  *((intOrPtr*)( *((intOrPtr*)(E0040D3B0(_t672 - 0x40))) + 0xac)), _t535);
																				_t675 = _t675 + 0x10;
																				 *((intOrPtr*)(_t672 - 0x4b8)) = _t539;
																				if( *((intOrPtr*)(_t672 - 0x4b8)) > 0) {
																					L206:
																					E00423F90( *(_t672 - 0x458) & 0x0000ffff,  *((intOrPtr*)(_t672 + 8)), _t672 - 0x44c);
																					_t675 = _t675 + 0xc;
																					 *((intOrPtr*)(_t672 - 0x4b0)) =  *((intOrPtr*)(_t672 - 0x4b0)) +  *((intOrPtr*)(_t672 - 0x4b8));
																					continue;
																				}
																				L205:
																				 *(_t672 - 0x44c) = 0xffffffff;
																				break;
																			}
																			L207:
																			L209:
																			if( *(_t672 - 0x44c) >= 0 && ( *(_t672 - 0x10) & 0x00000004) != 0) {
																				E00423FF0(0x20,  *((intOrPtr*)(_t672 - 0x4ac)),  *((intOrPtr*)(_t672 + 8)), _t672 - 0x44c);
																				_t675 = _t675 + 0x10;
																			}
																			goto L212;
																		}
																		L65:
																		__eax =  *(__ebp - 0x454) & 0x0000ffff;
																		 *(__ebp - 0x4ec) =  *(__ebp - 0x454) & 0x0000ffff;
																		__ecx =  *(__ebp - 0x4ec);
																		__ecx =  *(__ebp - 0x4ec) - 0x41;
																		 *(__ebp - 0x4ec) = __ecx;
																	} while ( *(__ebp - 0x4ec) > 0x37);
																	__edx =  *(__ebp - 0x4ec);
																	_t141 = __edx + 0x423f50; // 0xcccccc0d
																	__eax =  *_t141 & 0x000000ff;
																	switch( *((intOrPtr*)(( *_t141 & 0x000000ff) * 4 +  &M00423F14))) {
																		case 0:
																			L120:
																			 *(__ebp - 0x2c) = 1;
																			 *(__ebp - 0x454) & 0x0000ffff = ( *(__ebp - 0x454) & 0x0000ffff) + 0x20;
																			 *(__ebp - 0x454) = __ax;
																			goto L121;
																		case 1:
																			L67:
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000830;
																			if(( *(__ebp - 0x10) & 0x00000830) == 0) {
																				 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000020;
																				 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000020;
																			}
																			goto L69;
																		case 2:
																			L82:
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000830;
																			if(( *(__ebp - 0x10) & 0x00000830) == 0) {
																				 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000020;
																				 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000020;
																			}
																			goto L84;
																		case 3:
																			L143:
																			 *((intOrPtr*)(__ebp - 0x460)) = 7;
																			goto L145;
																		case 4:
																			L75:
																			__eax = __ebp + 0x14;
																			 *(__ebp - 0x474) = E0041C290(__ebp + 0x14);
																			if( *(__ebp - 0x474) == 0) {
																				L77:
																				__edx =  *0x60b4f0; // 0x407424
																				 *(__ebp - 4) = __edx;
																				__eax =  *(__ebp - 4);
																				 *(__ebp - 0x24) = E0040DC40( *(__ebp - 4));
																				L81:
																				goto L187;
																			}
																			L76:
																			__ecx =  *(__ebp - 0x474);
																			if( *((intOrPtr*)( *(__ebp - 0x474) + 4)) != 0) {
																				L78:
																				 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000800;
																				if(( *(__ebp - 0x10) & 0x00000800) == 0) {
																					 *(__ebp - 0xc) = 0;
																					__edx =  *(__ebp - 0x474);
																					__eax =  *(__edx + 4);
																					 *(__ebp - 4) =  *(__edx + 4);
																					__ecx =  *(__ebp - 0x474);
																					__edx =  *__ecx;
																					 *(__ebp - 0x24) =  *__ecx;
																				} else {
																					__edx =  *(__ebp - 0x474);
																					__eax =  *(__edx + 4);
																					 *(__ebp - 4) =  *(__edx + 4);
																					__ecx =  *(__ebp - 0x474);
																					__eax =  *__ecx;
																					asm("cdq");
																					 *__ecx - __edx =  *__ecx - __edx >> 1;
																					 *(__ebp - 0x24) =  *__ecx - __edx >> 1;
																					 *(__ebp - 0xc) = 1;
																				}
																				goto L81;
																			}
																			goto L77;
																		case 5:
																			L121:
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000040;
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000040;
																			__edx = __ebp - 0x448;
																			 *(__ebp - 4) = __ebp - 0x448;
																			 *(__ebp - 0x44) = 0x200;
																			if( *(__ebp - 0x30) >= 0) {
																				L123:
																				if( *(__ebp - 0x30) != 0) {
																					L126:
																					if( *(__ebp - 0x30) > 0x200) {
																						 *(__ebp - 0x30) = 0x200;
																					}
																					L128:
																					if( *(__ebp - 0x30) > 0xa3) {
																						__ecx =  *(__ebp - 0x30);
																						__ecx =  *(__ebp - 0x30) + 0x15d;
																						 *(__ebp - 0x20) = L0040B5C0( *(__ebp - 0x30) + 0x15d,  *(__ebp - 0x30) + 0x15d, 2, "f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c", 0x6da);
																						if( *(__ebp - 0x20) == 0) {
																							 *(__ebp - 0x30) = 0xa3;
																						} else {
																							__edx =  *(__ebp - 0x20);
																							 *(__ebp - 4) =  *(__ebp - 0x20);
																							 *(__ebp - 0x30) =  *(__ebp - 0x30) + 0x15d;
																							 *(__ebp - 0x44) =  *(__ebp - 0x30) + 0x15d;
																						}
																					}
																					 *(__ebp + 0x14) =  *(__ebp + 0x14) + 8;
																					 *(__ebp + 0x14) =  *(__ebp + 0x14) + 8;
																					__edx =  *(__ebp + 0x14);
																					__eax =  *(__edx - 8);
																					__ecx =  *(__edx - 4);
																					 *(__ebp - 0x490) =  *(__edx - 8);
																					 *(__ebp - 0x48c) =  *(__edx - 4);
																					__ecx = __ebp - 0x40;
																					_push(E0040D3B0(__ebp - 0x40));
																					__edx =  *(__ebp - 0x2c);
																					_push( *(__ebp - 0x2c));
																					__eax =  *(__ebp - 0x30);
																					_push( *(__ebp - 0x30));
																					__ecx =  *(__ebp - 0x454);
																					_push( *(__ebp - 0x454));
																					__edx =  *(__ebp - 0x44);
																					_push( *(__ebp - 0x44));
																					__eax =  *(__ebp - 4);
																					_push( *(__ebp - 4));
																					__ecx = __ebp - 0x490;
																					_push(__ebp - 0x490);
																					__edx =  *0x60b3cc; // 0x7e8c4bdb
																					E00410200(__edx) =  *__eax();
																					__esp = __esp + 0x1c;
																					 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000080;
																					if(( *(__ebp - 0x10) & 0x00000080) != 0 &&  *(__ebp - 0x30) == 0) {
																						__ecx = __ebp - 0x40;
																						_push(E0040D3B0(__ebp - 0x40));
																						__ecx =  *(__ebp - 4);
																						_push( *(__ebp - 4));
																						__edx =  *0x60b3d8; // 0x7e8c4bdb
																						E00410200(__edx) =  *__eax();
																						__esp = __esp + 8;
																					}
																					__eax =  *(__ebp - 0x454) & 0x0000ffff;
																					if(( *(__ebp - 0x454) & 0x0000ffff) == 0x67) {
																						 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000080;
																						if(( *(__ebp - 0x10) & 0x00000080) == 0) {
																							__ecx = __ebp - 0x40;
																							_push(E0040D3B0(__ebp - 0x40));
																							__edx =  *(__ebp - 4);
																							_push( *(__ebp - 4));
																							__eax =  *0x60b3d4; // 0x7e8c4bdb
																							__eax =  *__eax();
																							__esp = __esp + 8;
																						}
																					}
																					__ecx =  *(__ebp - 4);
																					__edx =  *( *(__ebp - 4));
																					if( *( *(__ebp - 4)) == 0x2d) {
																						 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000100;
																						 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000100;
																						 *(__ebp - 4) =  *(__ebp - 4) + 1;
																						 *(__ebp - 4) =  *(__ebp - 4) + 1;
																					}
																					__edx =  *(__ebp - 4);
																					 *(__ebp - 0x24) = E0040DC40( *(__ebp - 4));
																					goto L187;
																				}
																				L124:
																				__eax =  *(__ebp - 0x454) & 0x0000ffff;
																				if(( *(__ebp - 0x454) & 0x0000ffff) != 0x67) {
																					goto L126;
																				}
																				L125:
																				 *(__ebp - 0x30) = 1;
																				goto L128;
																			}
																			L122:
																			 *(__ebp - 0x30) = 6;
																			goto L128;
																		case 6:
																			L69:
																			 *(__ebp - 0xc) = 1;
																			__ebp + 0x14 = E0041C290(__ebp + 0x14);
																			 *(__ebp - 0x458) = __ax;
																			__ecx =  *(__ebp - 0x10);
																			__ecx =  *(__ebp - 0x10) & 0x00000020;
																			if(__ecx == 0) {
																				 *(__ebp - 0x448) =  *(__ebp - 0x458);
																			} else {
																				 *(__ebp - 0x458) & 0x0000ffff =  *(__ebp - 0x458) & 0xff;
																				 *(__ebp - 0x470) = __dl;
																				 *((char*)(__ebp - 0x46f)) = 0;
																				__ecx = __ebp - 0x40;
																				__eax = E0040D3B0(__ebp - 0x40);
																				__ecx = __ebp - 0x40;
																				E0040D3B0(__ebp - 0x40) =  *__eax;
																				__ecx =  *(__ebp - 0x448 + 0xac);
																				__edx = __ebp - 0x470;
																				__eax = __ebp - 0x448;
																				if(E00419150(__ebp - 0x448, __ebp - 0x470,  *(__ebp - 0x448 + 0xac), __ebp - 0x448) < 0) {
																					 *(__ebp - 0x28) = 1;
																				}
																			}
																			__edx = __ebp - 0x448;
																			 *(__ebp - 4) = __ebp - 0x448;
																			 *(__ebp - 0x24) = 1;
																			goto L187;
																		case 7:
																			L141:
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000040;
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000040;
																			 *(__ebp - 8) = 0xa;
																			goto L150;
																		case 8:
																			L106:
																			__eax = __ebp + 0x14;
																			 *(__ebp - 0x484) = E0041C290(__ebp + 0x14);
																			if(E00420F80() != 0) {
																				L116:
																				__ecx =  *(__ebp - 0x10);
																				__ecx =  *(__ebp - 0x10) & 0x00000020;
																				if(__ecx == 0) {
																					__ecx =  *(__ebp - 0x484);
																					__edx =  *(__ebp - 0x44c);
																					 *__ecx =  *(__ebp - 0x44c);
																				} else {
																					__edx =  *(__ebp - 0x484);
																					__ax =  *(__ebp - 0x44c);
																					 *( *(__ebp - 0x484)) = __ax;
																				}
																				 *(__ebp - 0x28) = 1;
																				goto L187;
																			}
																			L107:
																			__ecx = 0;
																			if(0 == 0) {
																				 *(__ebp - 0x4f4) = 0;
																			} else {
																				 *(__ebp - 0x4f4) = 1;
																			}
																			__edx =  *(__ebp - 0x4f4);
																			 *(__ebp - 0x488) =  *(__ebp - 0x4f4);
																			if( *(__ebp - 0x488) == 0) {
																				_push(L"(\"\'n\' format specifier disabled\", 0)");
																				_push(0);
																				_push(0x695);
																				_push(L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c");
																				_push(2);
																				__eax = L0040E1A0();
																				__esp = __esp + 0x14;
																				if(__eax == 1) {
																					asm("int3");
																				}
																			}
																			if( *(__ebp - 0x488) != 0) {
																				L115:
																				goto L187;
																			} else {
																				L114:
																				 *((intOrPtr*)(L0040EC70(__ecx))) = 0x16;
																				__eax = E00411A50(__ebx, __ecx, __edi, __esi, L"(\"\'n\' format specifier disabled\", 0)", L"_woutput_s_l", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\output.c", 0x695, 0);
																				 *(__ebp - 0x4cc) = 0xffffffff;
																				__ecx = __ebp - 0x40;
																				__eax = E0040D380(__ecx);
																				__eax =  *(__ebp - 0x4cc);
																				goto L225;
																			}
																		case 9:
																			L148:
																			 *(__ebp - 8) = 8;
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000080;
																			if(( *(__ebp - 0x10) & 0x00000080) != 0) {
																				 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000200;
																				 *(__ebp - 0x10) =  *(__ebp - 0x10) | 0x00000200;
																			}
																			goto L150;
																		case 0xa:
																			L142:
																			 *(__ebp - 0x30) = 8;
																			goto L143;
																		case 0xb:
																			L84:
																			if( *(__ebp - 0x30) != 0xffffffff) {
																				__edx =  *(__ebp - 0x30);
																				 *(__ebp - 0x4f0) =  *(__ebp - 0x30);
																			} else {
																				 *(__ebp - 0x4f0) = 0x7fffffff;
																			}
																			__eax =  *(__ebp - 0x4f0);
																			 *(__ebp - 0x47c) =  *(__ebp - 0x4f0);
																			__ecx = __ebp + 0x14;
																			 *(__ebp - 4) = E0041C290(__ebp + 0x14);
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000020;
																			if(( *(__ebp - 0x10) & 0x00000020) == 0) {
																				L98:
																				if( *(__ebp - 4) == 0) {
																					__ecx =  *0x60b4f4; // 0x407414
																					 *(__ebp - 4) = __ecx;
																				}
																				 *(__ebp - 0xc) = 1;
																				__edx =  *(__ebp - 4);
																				 *(__ebp - 0x480) =  *(__ebp - 4);
																				while(1) {
																					L101:
																					__eax =  *(__ebp - 0x47c);
																					__ecx =  *(__ebp - 0x47c);
																					__ecx =  *(__ebp - 0x47c) - 1;
																					 *(__ebp - 0x47c) = __ecx;
																					if( *(__ebp - 0x47c) == 0) {
																						break;
																					}
																					L102:
																					__edx =  *(__ebp - 0x480);
																					__eax =  *( *(__ebp - 0x480)) & 0x0000ffff;
																					if(( *( *(__ebp - 0x480)) & 0x0000ffff) == 0) {
																						break;
																					}
																					L103:
																					 *(__ebp - 0x480) =  *(__ebp - 0x480) + 2;
																					 *(__ebp - 0x480) =  *(__ebp - 0x480) + 2;
																				}
																				L104:
																				 *(__ebp - 0x480) =  *(__ebp - 0x480) -  *(__ebp - 4);
																				__edx =  *(__ebp - 0x480) -  *(__ebp - 4) >> 1;
																				 *(__ebp - 0x24) =  *(__ebp - 0x480) -  *(__ebp - 4) >> 1;
																				goto L105;
																			} else {
																				L88:
																				if( *(__ebp - 4) == 0) {
																					__eax =  *0x60b4f0; // 0x407424
																					 *(__ebp - 4) = __eax;
																				}
																				__ecx =  *(__ebp - 4);
																				 *(__ebp - 0x478) = __ecx;
																				 *(__ebp - 0x24) = 0;
																				while(1) {
																					L92:
																					__eax =  *(__ebp - 0x24);
																					if( *(__ebp - 0x24) >=  *(__ebp - 0x47c)) {
																						break;
																					}
																					L93:
																					__ecx =  *(__ebp - 0x478);
																					__edx =  *__ecx;
																					if( *__ecx == 0) {
																						break;
																					}
																					L94:
																					__ecx = __ebp - 0x40;
																					E0040D3B0(__ebp - 0x40) =  *(__ebp - 0x478);
																					__ecx =  *( *(__ebp - 0x478)) & 0x000000ff;
																					if(E00419390( *( *(__ebp - 0x478)) & 0x000000ff,  *(__ebp - 0x478)) != 0) {
																						 *(__ebp - 0x478) =  *(__ebp - 0x478) + 1;
																						 *(__ebp - 0x478) =  *(__ebp - 0x478) + 1;
																					}
																					 *(__ebp - 0x478) =  *(__ebp - 0x478) + 1;
																					 *(__ebp - 0x478) =  *(__ebp - 0x478) + 1;
																					 *(__ebp - 0x24) =  *(__ebp - 0x24) + 1;
																					 *(__ebp - 0x24) =  *(__ebp - 0x24) + 1;
																				}
																				L97:
																				L105:
																				goto L187;
																			}
																		case 0xc:
																			goto L0;
																		case 0xd:
																			L144:
																			 *((intOrPtr*)(__ebp - 0x460)) = 0x27;
																			L145:
																			 *(__ebp - 8) = 0x10;
																			 *(__ebp - 0x10) =  *(__ebp - 0x10) & 0x00000080;
																			if(( *(__ebp - 0x10) & 0x00000080) != 0) {
																				__edx = 0x30;
																				 *((short*)(__ebp - 0x14)) = __dx;
																				 *((intOrPtr*)(__ebp - 0x460)) =  *((intOrPtr*)(__ebp - 0x460)) + 0x51;
																				 *(__ebp - 0x12) = __ax;
																				 *(__ebp - 0x1c) = 2;
																			}
																			goto L150;
																		case 0xe:
																			goto L187;
																	}
																}
															}
														}
													}
												}
											}
										}
									}
								}
							}
						}
					}
				}
			}

0x004238ad
0x004238ad
0x004238ad
0x004238ad
0x004238ad
0x004238ad
0x004238ad
0x004238ad
0x00000000
0x00423922
0x00000000
0x00423922
0x00000000
0x00423922
0x00423922
0x0042392a
0x0042394c
0x00423952
0x00423977
0x004239be
0x004239c1
0x004239e2
0x004239e7
0x004239ec
0x004239f2
0x004239c3
0x004239c7
0x004239cc
0x004239cf
0x004239d0
0x004239d6
0x004239d6
0x00423979
0x0042397c
0x0042397f
0x004239a1
0x004239a6
0x004239ac
0x004239ad
0x004239b3
0x00423981
0x00423985
0x0042398a
0x0042398e
0x0042398f
0x00423995
0x00423995
0x004239b9
0x00423954
0x00423958
0x0042395d
0x00423960
0x00423966
0x00423966
0x0042392c
0x00423930
0x00423935
0x00423938
0x0042393e
0x0042393e
0x004239fe
0x00423a40
0x00423a46
0x00423a52
0x00000000
0x00423a00
0x00423a00
0x00423a00
0x00423a07
0x00000000
0x00423a14
0x00423a14
0x00423a22
0x00423a27
0x00423a2d
0x00423a3b
0x00423a58
0x00423a60
0x00423a82
0x00423a82
0x00423a8c
0x00423a9d
0x00423aa7
0x00423aa9
0x00423aa9
0x00423a8e
0x00423a8e
0x00423a8e
0x00423abc
0x00423abe
0x00423abe
0x00423acb
0x00423ace
0x00423ace
0x00423ad4
0x00423ad7
0x00423adc
0x00000000
0x00000000
0x00423aec
0x00423aef
0x00423af9
0x00423b08
0x00423b11
0x00423b27
0x00423b2d
0x00423b3a
0x00423b48
0x00423b48
0x00423b57
0x00423b5f
0x00423b5f
0x00423b67
0x00423b70
0x00423b79
0x00423b85
0x00423b9e
0x00423ba4
0x00423bad
0x00423bad
0x00000000
0x00423bb0
0x00000000
0x00423bb0
0x00000000
0x00423bb0
0x00000000
0x00423bb0
0x00000000
0x00423bb0
0x00000000
0x00423bb0
0x00000000
0x00423bb0
0x00423bb0
0x00423bb0
0x00423bb4
0x00423d90
0x00423d94
0x00423d9c
0x00423da1
0x00423da4
0x00423da4
0x00423dab
0x00423dab
0x00422f2b
0x00422f32
0x00422f3f
0x00422f44
0x00000000
0x00422f57
0x00422f61
0x00422f88
0x00422f6f
0x00422f80
0x00422f80
0x00422f61
0x00422f92
0x00422f98
0x00422fa4
0x00422fa7
0x00422fb5
0x00422fb8
0x00422fc5
0x0042306a
0x00423070
0x0042307d
0x00000000
0x00000000
0x00423083
0x00423089
0x00000000
0x00423090
0x00423090
0x004230aa
0x004230af
0x00000000
0x00000000
0x004230b7
0x004230b7
0x004230be
0x004230c1
0x004230c4
0x004230c7
0x004230ca
0x004230cd
0x004230d0
0x004230d7
0x004230de
0x00000000
0x00000000
0x004230ea
0x004230ea
0x004230f1
0x004230fd
0x00423100
0x0042310d
0x00000000
0x00000000
0x0042310f
0x00423115
0x00423115
0x0042311c
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00423160
0x00423160
0x0042316a
0x00423197
0x004231a1
0x004231a1
0x004231a5
0x0042316c
0x0042316c
0x00423178
0x0042317f
0x00423184
0x00423187
0x0042318a
0x0042318d
0x0042318f
0x0042318f
0x00423192
0x00000000
0x00000000
0x004231ad
0x004231ad
0x00000000
0x00000000
0x004231b9
0x004231b9
0x004231c3
0x004231e3
0x004231e6
0x004231f0
0x004231f0
0x004231f4
0x004231c5
0x004231c5
0x004231d1
0x004231d8
0x004231da
0x004231da
0x004231e1
0x00000000
0x00000000
0x004231fc
0x004231fc
0x00423203
0x0042320f
0x00423212
0x0042321f
0x00423332
0x00000000
0x00423332
0x00423225
0x0042322b
0x0042322b
0x00423232
0x00000000
0x00423269
0x00423269
0x0042326c
0x00423272
0x00423299
0x00423299
0x0042329c
0x004232a2
0x004232c6
0x004232c6
0x004232c9
0x004232cf
0x00423308
0x00423319
0x00000000
0x00423319
0x004232d1
0x004232d1
0x004232d4
0x004232da
0x00000000
0x00000000
0x004232dc
0x004232dc
0x004232df
0x004232e5
0x00000000
0x00000000
0x004232e7
0x004232e7
0x004232ea
0x004232f0
0x00000000
0x00000000
0x004232f2
0x004232f2
0x004232f5
0x004232fb
0x00000000
0x00000000
0x004232fd
0x004232fd
0x00423300
0x00423306
0x0042330a
0x00000000
0x0042330a
0x00000000
0x00423306
0x004232a4
0x004232a4
0x004232a7
0x004232ae
0x00000000
0x004232b0
0x004232b3
0x004232b6
0x004232bc
0x004232c1
0x00000000
0x004232c1
0x004232ae
0x00423274
0x00423274
0x00423277
0x0042327e
0x00000000
0x00423280
0x00423283
0x00423286
0x0042328c
0x00423291
0x00000000
0x00423291
0x00000000
0x0042331b
0x0042331b
0x0042331e
0x00423321
0x00000000
0x00000000
0x00423239
0x00423239
0x0042323c
0x00423242
0x0042325e
0x00423261
0x00423244
0x00423244
0x00423247
0x0042324a
0x00423250
0x00423256
0x00423256
0x00000000
0x00000000
0x00423326
0x00423329
0x0042332f
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00423139
0x00423139
0x0042313c
0x0042313f
0x00000000
0x00000000
0x00423144
0x00423147
0x0042314d
0x00000000
0x00000000
0x0042312e
0x00423131
0x00423134
0x00000000
0x00000000
0x00423123
0x00423126
0x00423129
0x00000000
0x00000000
0x00423152
0x00423155
0x00423158
0x00000000
0x00000000
0x0042315b
0x00000000
0x00000000
0x00422fcb
0x00422fcb
0x00422fcd
0x00422fdb
0x00422fcf
0x00422fcf
0x00422fcf
0x00422feb
0x00422ff8
0x00422ffa
0x00422fff
0x00423001
0x00423006
0x0042300b
0x0042300d
0x00423012
0x00423018
0x0042301a
0x0042301a
0x00423018
0x0042301b
0x00423022
0x00000000
0x00423024
0x00423029
0x00423045
0x0042304d
0x0042305a
0x0042305f
0x00423e74
0x00423e81
0x00423e81
0x00423022
0x00422fc5
0x00423db0
0x00423db7
0x00423dce
0x00423dc2
0x00423dc2
0x00423dc2
0x00423dd8
0x00423dde
0x00423deb
0x00423ded
0x00423df2
0x00423df4
0x00423df9
0x00423dfe
0x00423e00
0x00423e05
0x00423e0b
0x00423e0d
0x00423e0d
0x00423e0b
0x00423e15
0x00423e60
0x00423e69
0x00423e6e
0x00423e17
0x00423e1c
0x00423e38
0x00423e40
0x00423e4d
0x00423e52
0x00423e52
0x00000000
0x00423e15
0x00423bba
0x00423bc0
0x00423bca
0x00423be4
0x00423bfe
0x00423c05
0x00423c09
0x00423c09
0x00423be6
0x00423beb
0x00423bef
0x00423bef
0x00423bcc
0x00423bd1
0x00423bd5
0x00423bd5
0x00423bca
0x00423c19
0x00423c25
0x00423c3b
0x00423c40
0x00423c40
0x00423c56
0x00423c5b
0x00423c64
0x00423c82
0x00423c87
0x00423c87
0x00423c8e
0x00423d48
0x00423d5b
0x00423d60
0x00000000
0x00423c9e
0x00423c9e
0x00423ca1
0x00423caa
0x00423cb0
0x00423cb0
0x00423cbf
0x00423cc7
0x00000000
0x00000000
0x00423cc9
0x00423ccc
0x00423cf1
0x00423cf6
0x00423cf9
0x00423d06
0x00423d14
0x00423d27
0x00423d2c
0x00423d3b
0x00000000
0x00423d3b
0x00423d08
0x00423d08
0x00000000
0x00423d08
0x00423d46
0x00423d63
0x00423d6a
0x00423d88
0x00423d8d
0x00423d8d
0x00000000
0x00423d6a
0x00423337
0x00423337
0x0042333e
0x00423344
0x0042334a
0x0042334d
0x00423353
0x00423360
0x00423366
0x00423366
0x0042336d
0x00000000
0x004236f1
0x004236f1
0x004236ff
0x00423702
0x00000000
0x00000000
0x00423374
0x00423377
0x0042337d
0x00423382
0x00423385
0x00423385
0x00000000
0x00000000
0x004234ba
0x004234bd
0x004234c2
0x004234c7
0x004234ca
0x004234ca
0x00000000
0x00000000
0x004238bd
0x004238bd
0x00000000
0x00000000
0x00423424
0x00423424
0x00423430
0x0042343d
0x0042344b
0x0042344b
0x00423451
0x00423454
0x00423460
0x004234b5
0x00000000
0x004234b5
0x0042343f
0x0042343f
0x00423449
0x00423465
0x00423468
0x0042346e
0x00423496
0x0042349d
0x004234a3
0x004234a6
0x004234a9
0x004234af
0x004234b2
0x00423470
0x00423470
0x00423476
0x00423479
0x0042347c
0x00423482
0x00423485
0x00423488
0x0042348a
0x0042348d
0x0042348d
0x00000000
0x0042346e
0x00000000
0x00000000
0x00423709
0x0042370c
0x0042370f
0x00423712
0x00423718
0x0042371b
0x00423726
0x00423731
0x00423735
0x0042374c
0x00423753
0x00423755
0x00423755
0x0042375c
0x00423763
0x00423771
0x00423774
0x00423783
0x0042378a
0x0042379f
0x0042378c
0x0042378c
0x0042378f
0x00423795
0x0042379a
0x0042379a
0x0042378a
0x004237a9
0x004237ac
0x004237af
0x004237b2
0x004237b5
0x004237b8
0x004237be
0x004237c4
0x004237cc
0x004237cd
0x004237d0
0x004237d1
0x004237d4
0x004237d5
0x004237dc
0x004237dd
0x004237e0
0x004237e1
0x004237e4
0x004237e5
0x004237eb
0x004237ec
0x004237fb
0x004237fd
0x00423803
0x00423808
0x00423810
0x00423818
0x00423819
0x0042381c
0x0042381d
0x0042382c
0x0042382e
0x0042382e
0x00423831
0x0042383b
0x00423840
0x00423846
0x00423848
0x00423850
0x00423851
0x00423854
0x00423855
0x00423863
0x00423865
0x00423865
0x00423846
0x00423868
0x0042386b
0x00423871
0x00423876
0x0042387b
0x00423881
0x00423884
0x00423884
0x00423887
0x00423893
0x00000000
0x00423893
0x00423737
0x00423737
0x00423741
0x00000000
0x00000000
0x00423743
0x00423743
0x00000000
0x00423743
0x00423728
0x00423728
0x00000000
0x00000000
0x00423388
0x00423388
0x00423393
0x0042339b
0x004233a2
0x004233a5
0x004233a8
0x00423408
0x004233aa
0x004233b1
0x004233b7
0x004233bd
0x004233c4
0x004233c7
0x004233cd
0x004233d5
0x004233d7
0x004233de
0x004233e5
0x004233f6
0x004233f8
0x004233f8
0x004233ff
0x0042340f
0x00423415
0x00423418
0x00000000
0x00000000
0x0042389b
0x0042389e
0x004238a1
0x004238a4
0x00000000
0x00000000
0x004235fa
0x004235fa
0x00423606
0x00423613
0x004236bd
0x004236bd
0x004236c0
0x004236c3
0x004236d7
0x004236dd
0x004236e3
0x004236c5
0x004236c5
0x004236cb
0x004236d2
0x004236d2
0x004236e5
0x00000000
0x004236e5
0x00423619
0x00423619
0x0042361b
0x00423629
0x0042361d
0x0042361d
0x0042361d
0x00423633
0x00423639
0x00423646
0x00423648
0x0042364d
0x0042364f
0x00423654
0x00423659
0x0042365b
0x00423660
0x00423666
0x00423668
0x00423668
0x00423666
0x00423670
0x004236b8
0x00000000
0x00423672
0x00423672
0x00423677
0x00423693
0x0042369b
0x004236a5
0x004236a8
0x004236ad
0x00000000
0x004236ad
0x00000000
0x00423904
0x00423904
0x0042390e
0x00423914
0x00423919
0x0042391f
0x0042391f
0x00000000
0x00000000
0x004238b6
0x004238b6
0x00000000
0x00000000
0x004234cd
0x004234d1
0x004234df
0x004234e2
0x004234d3
0x004234d3
0x004234d3
0x004234e8
0x004234ee
0x004234f4
0x00423500
0x00423506
0x00423509
0x00423591
0x00423595
0x00423597
0x0042359d
0x0042359d
0x004235a0
0x004235a7
0x004235aa
0x004235b0
0x004235b0
0x004235b0
0x004235b6
0x004235bc
0x004235bf
0x004235c7
0x00000000
0x00000000
0x004235c9
0x004235c9
0x004235cf
0x004235d4
0x00000000
0x00000000
0x004235d6
0x004235dc
0x004235df
0x004235df
0x004235e7
0x004235ed
0x004235f0
0x004235f2
0x00000000
0x0042350f
0x0042350f
0x00423513
0x00423515
0x0042351a
0x0042351a
0x0042351d
0x00423520
0x00423526
0x00423538
0x00423538
0x00423538
0x00423541
0x00000000
0x00000000
0x00423543
0x00423543
0x00423549
0x0042354e
0x00000000
0x00000000
0x00423550
0x00423550
0x00423559
0x0042355f
0x0042356d
0x00423575
0x00423578
0x00423578
0x00423584
0x00423587
0x00423532
0x00423535
0x00423535
0x0042358f
0x004235f5
0x00000000
0x004235f5
0x00000000
0x00000000
0x00000000
0x004238c9
0x004238c9
0x004238d3
0x004238d3
0x004238dd
0x004238e3
0x004238e5
0x004238ea
0x004238f4
0x004238f7
0x004238fb
0x004238fb
0x00000000
0x00000000
0x00000000
0x00000000
0x0042336d
0x00423bb0
0x00423bb0
0x00423bb0
0x00423bb0
0x00423bb0
0x00423bb0
0x00423bb0
0x00423a07
0x004239fe
0x00423922
0x00423922
0x00423922

APIs

_get_int64_arg.LIBCMTD ref: 00423930
_get_int64_arg.LIBCMTD ref: 00423958
__aullrem.LIBCMT ref: 00423B00
__aulldiv.LIBCMT ref: 00423B22

Strings

9, xrefs: 00423B33

Memory Dump Source

Source File: 00000000.00000002.254379313.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.254298173.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.254460883.0000000000427000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255654257.000000000060A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255687103.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255765961.0000000000635000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_mzQcZawXvh.jbxd

Similarity

API ID: _get_int64_arg$__aulldiv__aullrem
String ID: 9
API String ID: 2124759748-2366072709
Opcode ID: 439c29d4e04a1ce833b6b49374606bd3f884bf79025c66809d345735659b33f0
Instruction ID: 958585b71ec4e1e7cffd2970e66ae7bd288dbe8f9a52262c4b6f67f38b3eadf7
Opcode Fuzzy Hash: 439c29d4e04a1ce833b6b49374606bd3f884bf79025c66809d345735659b33f0
Instruction Fuzzy Hash: D74104B1E001299FDB24CF48D881BAEB7B5FB85315F5041EAE289A7201C7785E81CF19

Uniqueness

Uniqueness Score: -1.00%

Function 0040C870 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 79memoryCOMMON

Download Yara Rule

APIs

__CrtIsValidHeapPointer.LIBCMTD ref: 0040C8B0

Strings

_CrtIsValidHeapPointer(pUserData), xrefs: 0040C8BC
f:\dd\vctools\crt_bld\self_x86\crt\src\dbgheap.c, xrefs: 0040C8C8, 0040C924
_BLOCK_TYPE_IS_VALID(pHead->nBlockUse), xrefs: 0040C918

Memory Dump Source

Source File: 00000000.00000002.254379313.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.254298173.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.254460883.0000000000427000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255654257.000000000060A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255687103.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255765961.0000000000635000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_mzQcZawXvh.jbxd

Similarity

API ID: HeapPointerValid
String ID: _BLOCK_TYPE_IS_VALID(pHead->nBlockUse)$_CrtIsValidHeapPointer(pUserData)$f:\dd\vctools\crt_bld\self_x86\crt\src\dbgheap.c
API String ID: 299318057-3586192058
Opcode ID: 71556443649fd99b3a7a3c792a42e4ae5cfd4532829f3f0b64f762a2303ee93f
Instruction ID: 5b1edb8beeaa82ea09b4a9a8117f7cbc7bc9fe910757dbbae102ee13cabbe2bb
Opcode Fuzzy Hash: 71556443649fd99b3a7a3c792a42e4ae5cfd4532829f3f0b64f762a2303ee93f
Instruction Fuzzy Hash: D421A2B6E40214DBEF28DF85D886B6E7361BB08314F20463BE5057A3D1C37DD951CAAA

Uniqueness

Uniqueness Score: -1.00%

Function 0040C89C Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 74memoryCOMMON

Download Yara Rule

APIs

__CrtIsValidHeapPointer.LIBCMTD ref: 0040C8B0

Strings

_CrtIsValidHeapPointer(pUserData), xrefs: 0040C8BC
f:\dd\vctools\crt_bld\self_x86\crt\src\dbgheap.c, xrefs: 0040C8C8, 0040C924
_BLOCK_TYPE_IS_VALID(pHead->nBlockUse), xrefs: 0040C918

Memory Dump Source

Source File: 00000000.00000002.254379313.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.254298173.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.254460883.0000000000427000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255654257.000000000060A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255687103.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255765961.0000000000635000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_mzQcZawXvh.jbxd

Similarity

API ID: HeapPointerValid
String ID: _BLOCK_TYPE_IS_VALID(pHead->nBlockUse)$_CrtIsValidHeapPointer(pUserData)$f:\dd\vctools\crt_bld\self_x86\crt\src\dbgheap.c
API String ID: 299318057-3586192058
Opcode ID: ceabf39b8b49d35812d81ff8f62a672dae81e3241a830c5834adcd8c5a7438f4
Instruction ID: 0155833def7ddef434d73729feff1c49a34bdf668cde7512271d2355b5f9d1ad
Opcode Fuzzy Hash: ceabf39b8b49d35812d81ff8f62a672dae81e3241a830c5834adcd8c5a7438f4
Instruction Fuzzy Hash: F321A176A44304DBDB19CF95D886BAE7771AB09314F20427BE405BA3D2C27CD901CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 0041D9F6 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 61
COMMON

Download Yara Rule

C-Code - Quality: 26%

			E0041D9F6(signed int __eax) {
				intOrPtr _t29;
				void* _t33;
				void* _t34;
				void* _t46;
				void* _t47;
				void* _t48;
				void* _t50;

				if(__eax <  *((intOrPtr*)(_t48 + 0x10))) {
					L6:
					 *((char*)( *((intOrPtr*)(_t48 - 4)))) = 0;
					 *((intOrPtr*)(_t48 - 4)) =  *((intOrPtr*)(_t48 - 4)) - 1;
					do {
						 *((char*)(_t48 - 0xd)) =  *((intOrPtr*)( *((intOrPtr*)(_t48 - 4))));
						 *((char*)( *((intOrPtr*)(_t48 - 4)))) =  *((intOrPtr*)( *((intOrPtr*)(_t48 - 0x14))));
						 *((char*)( *((intOrPtr*)(_t48 - 0x14)))) =  *((intOrPtr*)(_t48 - 0xd));
						 *((intOrPtr*)(_t48 - 4)) =  *((intOrPtr*)(_t48 - 4)) - 1;
						 *((intOrPtr*)(_t48 - 0x14)) =  *((intOrPtr*)(_t48 - 0x14)) + 1;
					} while ( *((intOrPtr*)(_t48 - 0x14)) <  *((intOrPtr*)(_t48 - 4)));
					_t29 = 0;
					L9:
					return _t29;
				}
				_t39 =  *((intOrPtr*)(_t48 + 0xc));
				 *((char*)( *((intOrPtr*)(_t48 + 0xc)))) = 0;
				asm("sbb eax, eax");
				 *(_t48 - 0x28) =  ~__eax;
				if( *((intOrPtr*)(_t48 - 8)) ==  *((intOrPtr*)(_t48 + 0x10))) {
					_push(L"length < sizeInTChars");
					_push(0);
					_push(0x8e);
					_push(L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\xtoa.c");
					_push(2);
					_t33 = L0040E1A0();
					_t50 = _t50 + 0x14;
					if(_t33 == 1) {
						asm("int3");
					}
				}
				if( *(_t48 - 0x28) != 0) {
					goto L6;
				} else {
					 *((intOrPtr*)(L0040EC70(_t39))) = 0x22;
					E00411A50(_t34, _t39, _t46, _t47, L"length < sizeInTChars", L"xtoa_s", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\xtoa.c", 0x8e, 0);
					_t29 = 0x22;
					goto L9;
				}
			}

0x0041d9f9
0x0041da67
0x0041da6a
0x0041da73
0x0041da76
0x0041da7b
0x0041da86
0x0041da8e
0x0041da96
0x0041da9f
0x0041daa5
0x0041daaa
0x0041daac
0x0041daaf
0x0041daaf
0x0041d9fb
0x0041d9fe
0x0041da07
0x0041da0b
0x0041da0e
0x0041da10
0x0041da15
0x0041da17
0x0041da1c
0x0041da21
0x0041da23
0x0041da28
0x0041da2e
0x0041da30
0x0041da30
0x0041da2e
0x0041da35
0x00000000
0x0041da37
0x0041da3c
0x0041da58
0x0041da60
0x00000000
0x0041da60

APIs

__invalid_parameter.LIBCMTD ref: 0041DA58

Strings

f:\dd\vctools\crt_bld\self_x86\crt\src\xtoa.c, xrefs: 0041DA1C, 0041DA49
xtoa_s, xrefs: 0041DA4E
length < sizeInTChars, xrefs: 0041DA10, 0041DA53

Memory Dump Source

Source File: 00000000.00000002.254379313.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.254298173.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.254460883.0000000000427000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255654257.000000000060A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255687103.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255765961.0000000000635000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_mzQcZawXvh.jbxd

Similarity

API ID: __invalid_parameter
String ID: f:\dd\vctools\crt_bld\self_x86\crt\src\xtoa.c$length < sizeInTChars$xtoa_s
API String ID: 3730194576-2777429229
Opcode ID: 24a11d41acadacee01dedb19fedbf2f675a673d4f352e5bfb49f0db0d8021383
Instruction ID: edca029c9d44909ffbe0b4d634c0b10d4f764d08702c11e1372f0c19ad9a5032
Opcode Fuzzy Hash: 24a11d41acadacee01dedb19fedbf2f675a673d4f352e5bfb49f0db0d8021383
Instruction Fuzzy Hash: AE216F74E48188EFDB11CFA8CA81BAEBBB1AF15304F344595D440BB3D1C2756E40D726

Uniqueness

Uniqueness Score: -1.00%

Function 0040C653 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 60COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0040C75D

Strings

R2s, xrefs: 0040C768
f:\dd\vctools\crt_bld\self_x86\crt\src\dbgheap.c, xrefs: 0040C677
pHead->nBlockUse == nBlockUse, xrefs: 0040C66B

Memory Dump Source

Source File: 00000000.00000002.254379313.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.254298173.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.254460883.0000000000427000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255654257.000000000060A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255687103.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255765961.0000000000635000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_mzQcZawXvh.jbxd

Similarity

API ID: _memset
String ID: R2s$f:\dd\vctools\crt_bld\self_x86\crt\src\dbgheap.c$pHead->nBlockUse == nBlockUse
API String ID: 2102423945-1773448705
Opcode ID: 0463612b0868c25a9c87bda9be43d5947fc481ce5d6e1ff5036cb5e8888158fe
Instruction ID: afd5d552d4ecc52918de100c4b73e795588db5783300543a43b8b0af59cbaeff
Opcode Fuzzy Hash: 0463612b0868c25a9c87bda9be43d5947fc481ce5d6e1ff5036cb5e8888158fe
Instruction Fuzzy Hash: 62213E78A00104EFCB18CF54DA91A6A77B2BB88304F3486A9D4052B3D1C77AEE42DF95

Uniqueness

Uniqueness Score: -1.00%

Function 0040C6CE Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 40COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0040C75D

Strings

R2s, xrefs: 0040C768
f:\dd\vctools\crt_bld\self_x86\crt\src\dbgheap.c, xrefs: 0040C6DA
_pLastBlock == pHead, xrefs: 0040C6CE

Memory Dump Source

Source File: 00000000.00000002.254379313.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.254298173.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.254460883.0000000000427000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255654257.000000000060A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255687103.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255765961.0000000000635000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_mzQcZawXvh.jbxd

Similarity

API ID: _memset
String ID: R2s$_pLastBlock == pHead$f:\dd\vctools\crt_bld\self_x86\crt\src\dbgheap.c
API String ID: 2102423945-971578764
Opcode ID: cd7403544f14ffc4bdecc3f9a8b8cdfe6febae85ccc01601febc9bb152fded13
Instruction ID: 4465c9e611255e01e92da6841dce102d724569eb78a5a5ddb3b84ba72db861e0
Opcode Fuzzy Hash: cd7403544f14ffc4bdecc3f9a8b8cdfe6febae85ccc01601febc9bb152fded13
Instruction Fuzzy Hash: 8901A778A40104EBD714CF54D981F6AB3B2BB88304F3486AAE405673C1D375DE11DB45

Uniqueness

Uniqueness Score: -1.00%

Function 0041DAE6 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 39
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E0041DAE6(intOrPtr __ebx, void* __edx, intOrPtr __edi, intOrPtr __esi) {
				intOrPtr* _t155;
				signed int* _t157;
				signed int _t162;
				intOrPtr* _t179;
				intOrPtr _t201;
				void* _t220;
				intOrPtr _t221;
				void* _t222;
				intOrPtr _t240;
				intOrPtr _t247;
				intOrPtr _t290;
				intOrPtr _t291;
				signed int _t292;
				void* _t294;

				_t291 = __esi;
				_t290 = __edi;
				_t221 = __ebx;
				if( *(_t292 + 0x10) != 0) {
					 *(_t292 - 0x30) = 0 |  *(_t292 + 0xc) != 0x00000000;
					if( *(_t292 - 0x30) == 0) {
						_push(L"pwcs != NULL");
						_push(0);
						_push(0x66);
						_push(L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\wcstombs.c");
						_push(2);
						_t220 = L0040E1A0();
						_t294 = _t294 + 0x14;
						if(_t220 == 1) {
							asm("int3");
						}
					}
					if( *(_t292 - 0x30) != 0) {
						_t274 =  *(_t292 + 0x14);
						L0040D2A0(_t292 - 0x20,  *(_t292 + 0x14));
						if( *(_t292 + 8) == 0) {
							_t155 = E0040D3B0(_t292 - 0x20);
							_t225 =  *_t155;
							if( *((intOrPtr*)( *_t155 + 0x14)) != 0) {
								_t227 = _t292 - 0x20;
								_t157 = E0040D3B0(_t292 - 0x20);
								_t274 =  *_t157;
								 *(_t292 - 4) = WideCharToMultiByte( *( *_t157 + 4), 0,  *(_t292 + 0xc), 0xffffffff, 0, 0, 0, _t292 - 0x10);
								if( *(_t292 - 4) == 0 ||  *(_t292 - 0x10) != 0) {
									 *((intOrPtr*)(L0040EC70(_t227))) = 0x2a;
									 *(_t292 - 0x68) = 0xffffffff;
									E0040D380(_t292 - 0x20);
									_t162 =  *(_t292 - 0x68);
								} else {
									 *(_t292 - 0x6c) =  *(_t292 - 4) - 1;
									E0040D380(_t292 - 0x20);
									_t162 =  *(_t292 - 0x6c);
								}
							} else {
								_t274 =  *(_t292 + 0xc);
								 *(_t292 - 0x64) = E00418B40(_t225,  *(_t292 + 0xc));
								E0040D380(_t292 - 0x20);
								_t162 =  *(_t292 - 0x64);
							}
						} else {
							if( *((intOrPtr*)( *((intOrPtr*)(E0040D3B0(_t292 - 0x20))) + 0x14)) != 0) {
								if( *((intOrPtr*)( *((intOrPtr*)(E0040D3B0(_t292 - 0x20))) + 0xac)) != 1) {
									_t240 =  *((intOrPtr*)(E0040D3B0(_t292 - 0x20)));
									_t274 =  *(_t240 + 4);
									 *(_t292 - 4) = WideCharToMultiByte( *(_t240 + 4), 0,  *(_t292 + 0xc), 0xffffffff,  *(_t292 + 8),  *(_t292 + 0x10), 0, _t292 - 0x10);
									if( *(_t292 - 4) == 0 ||  *(_t292 - 0x10) != 0) {
										if( *(_t292 - 0x10) != 0 || GetLastError() != 0x7a) {
											 *((intOrPtr*)(L0040EC70(_t240))) = 0x2a;
											 *(_t292 - 0x4c) = 0xffffffff;
											E0040D380(_t292 - 0x20);
											_t162 =  *(_t292 - 0x4c);
										} else {
											while( *(_t292 - 4) <  *(_t292 + 0x10)) {
												_t179 = E0040D3B0(_t292 - 0x20);
												_t247 =  *((intOrPtr*)(E0040D3B0(_t292 - 0x20)));
												_t274 =  *(_t247 + 4);
												 *((intOrPtr*)(_t292 - 0xc)) = WideCharToMultiByte( *(_t247 + 4), 0,  *(_t292 + 0xc), 1, _t292 - 0x2c,  *( *_t179 + 0xac), 0, _t292 - 0x10);
												if( *((intOrPtr*)(_t292 - 0xc)) == 0 ||  *(_t292 - 0x10) != 0) {
													 *((intOrPtr*)(L0040EC70(_t247))) = 0x2a;
													 *(_t292 - 0x50) = 0xffffffff;
													E0040D380(_t292 - 0x20);
													_t162 =  *(_t292 - 0x50);
												} else {
													if( *((intOrPtr*)(_t292 - 0xc)) < 0 ||  *((intOrPtr*)(_t292 - 0xc)) > 5) {
														 *((intOrPtr*)(L0040EC70(_t247))) = 0x2a;
														 *(_t292 - 0x54) = 0xffffffff;
														E0040D380(_t292 - 0x20);
														_t162 =  *(_t292 - 0x54);
													} else {
														if( *(_t292 - 4) +  *((intOrPtr*)(_t292 - 0xc)) <=  *(_t292 + 0x10)) {
															 *(_t292 - 8) = 0;
															while( *(_t292 - 8) <  *((intOrPtr*)(_t292 - 0xc))) {
																( *(_t292 + 8))[ *(_t292 - 4)] =  *((intOrPtr*)(_t292 +  *(_t292 - 8) - 0x2c));
																_t274 =  &(( *(_t292 + 8))[ *(_t292 - 4)]);
																if(( *(_t292 + 8))[ *(_t292 - 4)] != 0) {
																	 *(_t292 - 8) =  *(_t292 - 8) + 1;
																	 *(_t292 - 4) =  *(_t292 - 4) + 1;
																	continue;
																}
																 *(_t292 - 0x5c) =  *(_t292 - 4);
																E0040D380(_t292 - 0x20);
																_t162 =  *(_t292 - 0x5c);
																goto L55;
															}
															_t274 =  &(( *(_t292 + 0xc))[1]);
															 *(_t292 + 0xc) =  &(( *(_t292 + 0xc))[1]);
															continue;
														}
														 *(_t292 - 0x58) =  *(_t292 - 4);
														E0040D380(_t292 - 0x20);
														_t162 =  *(_t292 - 0x58);
													}
												}
												goto L55;
											}
											 *(_t292 - 0x60) =  *(_t292 - 4);
											E0040D380(_t292 - 0x20);
											_t162 =  *(_t292 - 0x60);
										}
									} else {
										 *(_t292 - 0x48) =  *(_t292 - 4) - 1;
										E0040D380(_t292 - 0x20);
										_t162 =  *(_t292 - 0x48);
									}
									goto L55;
								}
								if( *(_t292 + 0x10) > 0) {
									 *(_t292 + 0x10) = E0041DF50( *(_t292 + 0xc),  *(_t292 + 0x10));
								}
								_t274 =  *(_t292 + 0xc);
								_t201 =  *((intOrPtr*)(E0040D3B0(_t292 - 0x20)));
								_t260 =  *(_t201 + 4);
								 *(_t292 - 4) = WideCharToMultiByte( *(_t201 + 4), 0,  *(_t292 + 0xc),  *(_t292 + 0x10),  *(_t292 + 8),  *(_t292 + 0x10), 0, _t292 - 0x10);
								if( *(_t292 - 4) == 0 ||  *(_t292 - 0x10) != 0) {
									 *((intOrPtr*)(L0040EC70(_t260))) = 0x2a;
									 *(_t292 - 0x44) = 0xffffffff;
									E0040D380(_t292 - 0x20);
									_t162 =  *(_t292 - 0x44);
								} else {
									if( *((char*)( &(( *(_t292 + 8))[ *(_t292 - 4)]) - 1)) == 0) {
										 *(_t292 - 4) =  *(_t292 - 4) - 1;
									}
									_t274 =  *(_t292 - 4);
									 *(_t292 - 0x40) =  *(_t292 - 4);
									E0040D380(_t292 - 0x20);
									_t162 =  *(_t292 - 0x40);
								}
								goto L55;
							} else {
								goto L10;
							}
							while(1) {
								L10:
								_t265 =  *(_t292 - 4);
								if( *(_t292 - 4) >=  *(_t292 + 0x10)) {
									break;
								}
								_t274 =  *(_t292 + 0xc);
								if(( *( *(_t292 + 0xc)) & 0x0000ffff) <= 0xff) {
									( *(_t292 + 8))[ *(_t292 - 4)] =  *( *(_t292 + 0xc));
									_t274 =  *( *(_t292 + 0xc)) & 0x0000ffff;
									 *(_t292 + 0xc) =  &(( *(_t292 + 0xc))[1]);
									if(( *( *(_t292 + 0xc)) & 0x0000ffff) != 0) {
										_t274 =  *(_t292 - 4) + 1;
										 *(_t292 - 4) =  *(_t292 - 4) + 1;
										continue;
									}
									 *(_t292 - 0x38) =  *(_t292 - 4);
									E0040D380(_t292 - 0x20);
									_t162 =  *(_t292 - 0x38);
									goto L55;
								}
								 *((intOrPtr*)(L0040EC70(_t265))) = 0x2a;
								 *(_t292 - 0x34) = 0xffffffff;
								E0040D380(_t292 - 0x20);
								_t162 =  *(_t292 - 0x34);
								goto L55;
							}
							 *(_t292 - 0x3c) =  *(_t292 - 4);
							E0040D380(_t292 - 0x20);
							_t162 =  *(_t292 - 0x3c);
						}
					} else {
						 *((intOrPtr*)(L0040EC70(_t222))) = 0x16;
						_t162 = E00411A50(_t221, _t222, _t290, _t291, L"pwcs != NULL", L"_wcstombs_l_helper", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\wcstombs.c", 0x66, 0) | 0xffffffff;
					}
					goto L55;
				} else {
					_t162 = 0;
					L55:
					return E00416CA0(_t162, _t221,  *(_t292 - 0x24) ^ _t292, _t274, _t290, _t291);
				}
			}

0x0041dae6
0x0041dae6
0x0041dae6
0x0041daea
0x0041dafc
0x0041db03
0x0041db05
0x0041db0a
0x0041db0c
0x0041db0e
0x0041db13
0x0041db15
0x0041db1a
0x0041db20
0x0041db22
0x0041db22
0x0041db20
0x0041db27
0x0041db57
0x0041db5e
0x0041db67
0x0041de9e
0x0041dea3
0x0041dea9
0x0041dedb
0x0041dede
0x0041dee3
0x0041deef
0x0041def6
0x0041df03
0x0041df09
0x0041df13
0x0041df18
0x0041df1d
0x0041df23
0x0041df29
0x0041df2e
0x0041df2e
0x0041deab
0x0041deab
0x0041deb7
0x0041debd
0x0041dec2
0x0041dec2
0x0041db6d
0x0041db7b
0x0041dc25
0x0041dcf1
0x0041dcf3
0x0041dcfd
0x0041dd04
0x0041dd29
0x0041dd3b
0x0041dd41
0x0041dd4b
0x0041dd50
0x0041dd58
0x0041dd58
0x0041dd6d
0x0041dd8f
0x0041dd91
0x0041dd9b
0x0041dda2
0x0041ddaf
0x0041ddb5
0x0041ddbf
0x0041ddc4
0x0041ddcc
0x0041ddd0
0x0041dddd
0x0041dde3
0x0041dded
0x0041ddf2
0x0041ddfa
0x0041de03
0x0041de1b
0x0041de36
0x0041de4b
0x0041de50
0x0041de58
0x0041de2a
0x0041de33
0x00000000
0x0041de33
0x0041de5d
0x0041de63
0x0041de68
0x00000000
0x0041de68
0x0041de75
0x0041de78
0x00000000
0x0041de78
0x0041de08
0x0041de0e
0x0041de13
0x0041de13
0x0041ddd0
0x00000000
0x0041dda2
0x0041de83
0x0041de89
0x0041de8e
0x0041de8e
0x0041dd0c
0x0041dd12
0x0041dd18
0x0041dd1d
0x0041dd1d
0x00000000
0x0041dd04
0x0041dc2f
0x0041dc41
0x0041dc41
0x0041dc56
0x0041dc64
0x0041dc66
0x0041dc70
0x0041dc77
0x0041dcb1
0x0041dcb7
0x0041dcc1
0x0041dcc6
0x0041dc7f
0x0041dc8b
0x0041dc93
0x0041dc93
0x0041dc96
0x0041dc99
0x0041dc9f
0x0041dca4
0x0041dca4
0x00000000
0x00000000
0x00000000
0x00000000
0x0041db81
0x0041db81
0x0041db81
0x0041db87
0x00000000
0x00000000
0x0041db89
0x0041db94
0x0041dbc3
0x0041dbc8
0x0041dbd1
0x0041dbd6
0x0041dbf1
0x0041dbf4
0x00000000
0x0041dbf4
0x0041dbdb
0x0041dbe1
0x0041dbe6
0x00000000
0x0041dbe6
0x0041db9b
0x0041dba1
0x0041dbab
0x0041dbb0
0x00000000
0x0041dbb0
0x0041dbfc
0x0041dc02
0x0041dc07
0x0041dc07
0x0041db29
0x0041db2e
0x0041db4f
0x0041db4f
0x00000000
0x0041daec
0x0041daec
0x0041df3b
0x0041df48
0x0041df48

APIs

__invalid_parameter.LIBCMTD ref: 0041DB47

Strings

_wcstombs_l_helper, xrefs: 0041DB3D
f:\dd\vctools\crt_bld\self_x86\crt\src\wcstombs.c, xrefs: 0041DB0E, 0041DB38
pwcs != NULL, xrefs: 0041DB05, 0041DB42

Memory Dump Source

Source File: 00000000.00000002.254379313.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.254298173.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.254460883.0000000000427000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255654257.000000000060A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255687103.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255765961.0000000000635000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_mzQcZawXvh.jbxd

Similarity

API ID: __invalid_parameter
String ID: _wcstombs_l_helper$f:\dd\vctools\crt_bld\self_x86\crt\src\wcstombs.c$pwcs != NULL
API String ID: 3730194576-2632876063
Opcode ID: 566d9d42dcf31c5855311778aa41cbc017b8c7581bc19c1412051696f35e9765
Instruction ID: 07a12f909f92b034a60d311c56d3d9fcb57e7cbb446dde79f24c9245b4a995d4
Opcode Fuzzy Hash: 566d9d42dcf31c5855311778aa41cbc017b8c7581bc19c1412051696f35e9765
Instruction Fuzzy Hash: 63F0C8B0F98308BAEB20AE60CC03B9E36506B14768F11052BF407352C2D3BD5790CA5A

Uniqueness

Uniqueness Score: -1.00%

Function 0041D78A Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 17COMMON

Download Yara Rule

APIs

__invalid_parameter.LIBCMTD ref: 0041D7AC

Part of subcall function 00411A50: __encode_pointer.LIBCMTD ref: 00411A62

Strings

f:\dd\vctools\crt_bld\self_x86\crt\src\xtoa.c, xrefs: 0041D79D
buf != NULL, xrefs: 0041D7A7
xtoa_s, xrefs: 0041D7A2

Memory Dump Source

Source File: 00000000.00000002.254379313.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.254298173.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.254460883.0000000000427000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255654257.000000000060A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255687103.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255765961.0000000000635000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_mzQcZawXvh.jbxd

Similarity

API ID: __encode_pointer__invalid_parameter
String ID: buf != NULL$f:\dd\vctools\crt_bld\self_x86\crt\src\xtoa.c$xtoa_s
API String ID: 1891725282-2409497104
Opcode ID: d2bdb250bb8a3d086e99092350d04cb397b5c80925b06a7963bd95bec98ddc70
Instruction ID: c3a3a00e246c73098093f5b196c7d583bd9402844ce9ee23c23fb16fae2947f0
Opcode Fuzzy Hash: d2bdb250bb8a3d086e99092350d04cb397b5c80925b06a7963bd95bec98ddc70
Instruction Fuzzy Hash: CAD02EB4FAC3C216D21292180C12B69BE004B41328F2903DBA482254E3C69E08A0A27B

Uniqueness

Uniqueness Score: -1.00%

Function 0041C504 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 16
COMMON

Download Yara Rule

C-Code - Quality: 37%

			E0041C504(void* __edx) {
				void* _t62;

				asm("clc");
				 *((intOrPtr*)(_t62 + 0x31)) =  *((intOrPtr*)(_t62 + 0x31)) + __edx;
			}

0x0041c504
0x0041c505

APIs

__invalid_parameter.LIBCMTD ref: 0041C529

Part of subcall function 00411A50: __encode_pointer.LIBCMTD ref: 00411A62

Strings

_vsprintf_s_l, xrefs: 0041C51F
f:\dd\vctools\crt_bld\self_x86\crt\src\vsprintf.c, xrefs: 0041C51A
format != NULL, xrefs: 0041C524

Memory Dump Source

Source File: 00000000.00000002.254379313.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.254298173.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.254460883.0000000000427000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255654257.000000000060A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255687103.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255765961.0000000000635000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_mzQcZawXvh.jbxd

Similarity

API ID: __encode_pointer__invalid_parameter
String ID: _vsprintf_s_l$f:\dd\vctools\crt_bld\self_x86\crt\src\vsprintf.c$format != NULL
API String ID: 1891725282-3037862745
Opcode ID: 322b760685bc80613662205eeefc6cc80aca62a44ff867e95991e471e14ff72c
Instruction ID: 628037e800aa410f24e47f392bda50ec61bd8dffc0b11d5c797509e737c37f73
Opcode Fuzzy Hash: 322b760685bc80613662205eeefc6cc80aca62a44ff867e95991e471e14ff72c
Instruction Fuzzy Hash: 21D0A730ECC34436E1206A254C03B9439004B027B8F210A97B82A350D3D5FA1850065F

Uniqueness

Uniqueness Score: -1.00%

Function 0041EDAA Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 16COMMON

Download Yara Rule

APIs

__invalid_parameter.LIBCMTD ref: 0041EDCC

Part of subcall function 00411A50: __encode_pointer.LIBCMTD ref: 00411A62

Strings

f:\dd\vctools\crt_bld\self_x86\crt\src\xtoa.c, xrefs: 0041EDBD
buf != NULL, xrefs: 0041EDC7
xtow_s, xrefs: 0041EDC2

Memory Dump Source

Source File: 00000000.00000002.254379313.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.254298173.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.254460883.0000000000427000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255654257.000000000060A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255687103.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255765961.0000000000635000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_mzQcZawXvh.jbxd

Similarity

API ID: __encode_pointer__invalid_parameter
String ID: buf != NULL$f:\dd\vctools\crt_bld\self_x86\crt\src\xtoa.c$xtow_s
API String ID: 1891725282-2536889810
Opcode ID: 35cc88a0cabb80403438ba4f7531a9bda5d4c9fd4119f80382a4b051a03fa730
Instruction ID: db9059bc8f816e3dba32da687808bbf188126d26b6403a916222724d74c78c3e
Opcode Fuzzy Hash: 35cc88a0cabb80403438ba4f7531a9bda5d4c9fd4119f80382a4b051a03fa730
Instruction Fuzzy Hash: E1D097A1FDD3C52BD210A2100C23B407E400751734F2843EBEA833A1D3E08E08A0832B

Uniqueness

Uniqueness Score: -1.00%

Function 0041D8AE Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 15
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0041D8AE(void* __edx) {
				void* _t86;

				 *((intOrPtr*)(_t86 + 0x30)) =  *((intOrPtr*)(_t86 + 0x30)) + __edx;
			}

0x0041d8ae

APIs

__invalid_parameter.LIBCMTD ref: 0041D8CF

Part of subcall function 00411A50: __encode_pointer.LIBCMTD ref: 00411A62

Strings

f:\dd\vctools\crt_bld\self_x86\crt\src\xtoa.c, xrefs: 0041D8C0
xtoa_s, xrefs: 0041D8C5
sizeInTChars > (size_t)(is_neg ? 2 : 1), xrefs: 0041D8CA

Memory Dump Source

Source File: 00000000.00000002.254379313.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.254298173.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.254460883.0000000000427000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255654257.000000000060A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255687103.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255765961.0000000000635000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_mzQcZawXvh.jbxd

Similarity

API ID: __encode_pointer__invalid_parameter
String ID: f:\dd\vctools\crt_bld\self_x86\crt\src\xtoa.c$sizeInTChars > (size_t)(is_neg ? 2 : 1)$xtoa_s
API String ID: 1891725282-3452215162
Opcode ID: d0a270f899788e98081a47b08cf84b2f04e990bf1cc3c9592250918596ff388d
Instruction ID: 5a7c816d186596320a1e383f5ad7e6c14c14821dc40c5b7d97638e9195be10ea
Opcode Fuzzy Hash: d0a270f899788e98081a47b08cf84b2f04e990bf1cc3c9592250918596ff388d
Instruction Fuzzy Hash: 49D0A9F1ACC28436F210A6808C03F613A008B01B48F2001ABBA023A1E3C2BE182052AF

Uniqueness

Uniqueness Score: -1.00%

Function 0041D92A Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 15
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0041D92A(void* __edx) {
				void* _t76;

				 *((intOrPtr*)(_t76 + 0x30)) =  *((intOrPtr*)(_t76 + 0x30)) + __edx;
			}

0x0041d92a

APIs

__invalid_parameter.LIBCMTD ref: 0041D94B

Part of subcall function 00411A50: __encode_pointer.LIBCMTD ref: 00411A62

Strings

f:\dd\vctools\crt_bld\self_x86\crt\src\xtoa.c, xrefs: 0041D93C
2 <= radix && radix <= 36, xrefs: 0041D946
xtoa_s, xrefs: 0041D941

Memory Dump Source

Source File: 00000000.00000002.254379313.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.254298173.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.254460883.0000000000427000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255654257.000000000060A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255687103.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255765961.0000000000635000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_mzQcZawXvh.jbxd

Similarity

API ID: __encode_pointer__invalid_parameter
String ID: 2 <= radix && radix <= 36$f:\dd\vctools\crt_bld\self_x86\crt\src\xtoa.c$xtoa_s
API String ID: 1891725282-3387664789
Opcode ID: b49177a0045a0007ece1540ea11b4fc2d3c04cc8c409c70db49722d608d75168
Instruction ID: 92ce1eaebc2c1a833829505997e160737258d0c31aa558e0215d0a38c1a538a4
Opcode Fuzzy Hash: b49177a0045a0007ece1540ea11b4fc2d3c04cc8c409c70db49722d608d75168
Instruction Fuzzy Hash: EAD0C7F1FDD24825F621A6515C03F953A005B12749F1101ABB906391D3D5BE5460627F

Uniqueness

Uniqueness Score: -1.00%

Function 0041C585 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 15
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0041C585(void* __edx) {
				void* _t52;

				 *((intOrPtr*)(_t52 + 0x31)) =  *((intOrPtr*)(_t52 + 0x31)) + __edx;
			}

0x0041c585

APIs

__invalid_parameter.LIBCMTD ref: 0041C5A9

Part of subcall function 00411A50: __encode_pointer.LIBCMTD ref: 00411A62

Strings

_vsprintf_s_l, xrefs: 0041C59F
f:\dd\vctools\crt_bld\self_x86\crt\src\vsprintf.c, xrefs: 0041C59A
string != NULL && sizeInBytes > 0, xrefs: 0041C5A4

Memory Dump Source

Source File: 00000000.00000002.254379313.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.254298173.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.254460883.0000000000427000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255654257.000000000060A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255687103.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255765961.0000000000635000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_mzQcZawXvh.jbxd

Similarity

API ID: __encode_pointer__invalid_parameter
String ID: _vsprintf_s_l$f:\dd\vctools\crt_bld\self_x86\crt\src\vsprintf.c$string != NULL && sizeInBytes > 0
API String ID: 1891725282-654162117
Opcode ID: 7fe7b2465ef742eac8168ada1e321872cddadd621cc3d591acd450b18f45787a
Instruction ID: 4dacf4282536173bffe575c6138c64a513d4483f34700c933e6c95b6d7ef8e9b
Opcode Fuzzy Hash: 7fe7b2465ef742eac8168ada1e321872cddadd621cc3d591acd450b18f45787a
Instruction Fuzzy Hash: B3D0A930ECC34432E2206A254C03B9839004B12BB8F210AABB82A390D3DAFA28500A5F

Uniqueness

Uniqueness Score: -1.00%

Function 0041EE0D Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 15
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0041EE0D(void* __edx) {
				void* _t102;

				 *((intOrPtr*)(_t102 + 0x30)) =  *((intOrPtr*)(_t102 + 0x30)) + __edx;
			}

0x0041ee0d

APIs

__invalid_parameter.LIBCMTD ref: 0041EE2E

Part of subcall function 00411A50: __encode_pointer.LIBCMTD ref: 00411A62

Strings

f:\dd\vctools\crt_bld\self_x86\crt\src\xtoa.c, xrefs: 0041EE1F
sizeInTChars > 0, xrefs: 0041EE29
xtow_s, xrefs: 0041EE24

Memory Dump Source

Source File: 00000000.00000002.254379313.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.254298173.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.254460883.0000000000427000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255654257.000000000060A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255687103.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255765961.0000000000635000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_mzQcZawXvh.jbxd

Similarity

API ID: __encode_pointer__invalid_parameter
String ID: f:\dd\vctools\crt_bld\self_x86\crt\src\xtoa.c$sizeInTChars > 0$xtow_s
API String ID: 1891725282-3498855903
Opcode ID: 1840e0a3095f99ae0edfec1b730a8e068079f152657af4a486b2479273f79c49
Instruction ID: f0bf477a47c99ca63e0d992981e8ac52a660d154a018b90736f974092d70032b
Opcode Fuzzy Hash: 1840e0a3095f99ae0edfec1b730a8e068079f152657af4a486b2479273f79c49
Instruction Fuzzy Hash: E0D0A7B1BCC24831F22056445C03F952D004701748F1000ABF9023A1D3C1BF1460526B

Uniqueness

Uniqueness Score: -1.00%

Function 0041EED2 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 15
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0041EED2(void* __edx) {
				void* _t84;

				 *((intOrPtr*)(_t84 + 0x30)) =  *((intOrPtr*)(_t84 + 0x30)) + __edx;
			}

0x0041eed2

APIs

__invalid_parameter.LIBCMTD ref: 0041EEF3

Part of subcall function 00411A50: __encode_pointer.LIBCMTD ref: 00411A62

Strings

f:\dd\vctools\crt_bld\self_x86\crt\src\xtoa.c, xrefs: 0041EEE4
sizeInTChars > (size_t)(is_neg ? 2 : 1), xrefs: 0041EEEE
xtow_s, xrefs: 0041EEE9

Memory Dump Source

Source File: 00000000.00000002.254379313.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.254298173.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.254460883.0000000000427000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255654257.000000000060A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255687103.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255765961.0000000000635000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_mzQcZawXvh.jbxd

Similarity

API ID: __encode_pointer__invalid_parameter
String ID: f:\dd\vctools\crt_bld\self_x86\crt\src\xtoa.c$sizeInTChars > (size_t)(is_neg ? 2 : 1)$xtow_s
API String ID: 1891725282-3580838072
Opcode ID: afa398a1a3961c252205402fa949022d0487cbc946a51a9879f306f4dca6f294
Instruction ID: 8a62ed627fc42f169bb6c9f5f14839390a3d55d7adab433dad4f86b9f2e41c9d
Opcode Fuzzy Hash: afa398a1a3961c252205402fa949022d0487cbc946a51a9879f306f4dca6f294
Instruction Fuzzy Hash: 8DD0A9B1BCC28436F21066808C03F912E008B01B04F2040ABFA023A2D3C2BE186082AB

Uniqueness

Uniqueness Score: -1.00%

Function 0041D7ED Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 15
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0041D7ED(void* __edx) {
				void* _t104;

				 *((intOrPtr*)(_t104 + 0x30)) =  *((intOrPtr*)(_t104 + 0x30)) + __edx;
			}

0x0041d7ed

APIs

__invalid_parameter.LIBCMTD ref: 0041D80E

Part of subcall function 00411A50: __encode_pointer.LIBCMTD ref: 00411A62

Strings

f:\dd\vctools\crt_bld\self_x86\crt\src\xtoa.c, xrefs: 0041D7FF
sizeInTChars > 0, xrefs: 0041D809
xtoa_s, xrefs: 0041D804

Memory Dump Source

Source File: 00000000.00000002.254379313.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.254298173.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.254460883.0000000000427000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255654257.000000000060A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255687103.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255765961.0000000000635000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_mzQcZawXvh.jbxd

Similarity

API ID: __encode_pointer__invalid_parameter
String ID: f:\dd\vctools\crt_bld\self_x86\crt\src\xtoa.c$sizeInTChars > 0$xtoa_s
API String ID: 1891725282-3358036509
Opcode ID: 36f2c834f24085adde040b745e4e66c097c19a790211469810769180e1c808b0
Instruction ID: 56c9fd98e9927e458d6694c38ce333e52e3baf99f138fe1bd735b19087b51392
Opcode Fuzzy Hash: 36f2c834f24085adde040b745e4e66c097c19a790211469810769180e1c808b0
Instruction Fuzzy Hash: F0D0C9F5EDD28866F620AA555C03FA63A004B11B88F2111ABB9463A1E3D6BE5460627F

Uniqueness

Uniqueness Score: -1.00%

Function 0041EF51 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 14
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0041EF51() {
				void* _t4;
				void* _t5;
				void* _t6;
				void* _t7;

				 *((intOrPtr*)(L0040EC70(_t5))) = 0x16;
				E00411A50(_t4, _t5, _t6, _t7, L"2 <= radix && radix <= 36", L"xtow_s", L"f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\xtoa.c", 0x6a, 0);
				return 0x16;
			}

0x0041ef56
0x0041ef6f
0x0041f0e4

APIs

__invalid_parameter.LIBCMTD ref: 0041EF6F

Part of subcall function 00411A50: __encode_pointer.LIBCMTD ref: 00411A62

Strings

f:\dd\vctools\crt_bld\self_x86\crt\src\xtoa.c, xrefs: 0041EF60
2 <= radix && radix <= 36, xrefs: 0041EF6A
xtow_s, xrefs: 0041EF65

Memory Dump Source

Source File: 00000000.00000002.254379313.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.254298173.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.254460883.0000000000427000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255654257.000000000060A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255687103.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255765961.0000000000635000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_mzQcZawXvh.jbxd

Similarity

API ID: __encode_pointer__invalid_parameter
String ID: 2 <= radix && radix <= 36$f:\dd\vctools\crt_bld\self_x86\crt\src\xtoa.c$xtow_s
API String ID: 1891725282-3510662743
Opcode ID: 6aeca979d55f4d88afd38f1de064b94d875276e8d60bf6503d074b4f327bd7ba
Instruction ID: f49c66fd29836c007ef7925124d75894cfe99151e245a1efd7ee498934f59a42
Opcode Fuzzy Hash: 6aeca979d55f4d88afd38f1de064b94d875276e8d60bf6503d074b4f327bd7ba
Instruction Fuzzy Hash: E8D012B1FDC20825F22065415C03F922E004712B49F2141B7F9033A2D3D5BF146062BF

Uniqueness

Uniqueness Score: -1.00%

Function 004104AA Relevance: 6.0, APIs: 4, Instructions: 32
threadCOMMON

Download Yara Rule

C-Code - Quality: 84%

			E004104AA(intOrPtr __eax) {
				void* _t10;
				intOrPtr _t11;
				intOrPtr _t16;
				void* _t21;

				 *((intOrPtr*)(_t21 - 8)) = __eax;
				if( *((intOrPtr*)(_t21 - 8)) == 0) {
					L2:
					E00410510();
					_t10 = 0;
				} else {
					_push( *((intOrPtr*)(_t21 - 8)));
					_t11 =  *0x60a9d8; // 0x4
					_push(_t11);
					_t16 =  *0x632ad4; // 0xee91e9b5
					if( *((intOrPtr*)(E00410200(_t16)))() != 0) {
						E00410570(_t16,  *((intOrPtr*)(_t21 - 8)), 0);
						 *((intOrPtr*)( *((intOrPtr*)(_t21 - 8)))) = GetCurrentThreadId();
						 *((intOrPtr*)( *((intOrPtr*)(_t21 - 8)) + 4)) = 0xffffffff;
						_t10 = 1;
					} else {
						goto L2;
					}
				}
				return _t10;
			}

0x004104ad
0x004104b4
0x004104d5
0x004104d5
0x004104da
0x004104b6
0x004104b9
0x004104ba
0x004104bf
0x004104c0
0x004104d3
0x004104e4
0x004104f5
0x004104fa
0x00410501
0x00000000
0x00000000
0x00000000
0x004104d3
0x00410509

APIs

__encode_pointer.LIBCMTD ref: 004104C7

Part of subcall function 00410200: TlsGetValue.KERNEL32(00000005,00410476,F691E9B5), ref: 00410215
Part of subcall function 00410200: TlsGetValue.KERNEL32(00000005,00000004), ref: 00410236
Part of subcall function 00410200: __crt_wait_module_handle.LIBCMTD ref: 0041024C
Part of subcall function 00410200: GetProcAddress.KERNEL32(00000000,DecodePointer), ref: 00410266

__mtterm.LIBCMTD ref: 004104D5
__initptd.LIBCMTD ref: 004104E4
GetCurrentThreadId.KERNEL32 ref: 004104EC

Memory Dump Source

Source File: 00000000.00000002.254379313.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.254298173.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.254460883.0000000000427000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255654257.000000000060A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255687103.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255765961.0000000000635000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_mzQcZawXvh.jbxd

Similarity

API ID: Value$AddressCurrentProcThread__crt_wait_module_handle__encode_pointer__initptd__mtterm
String ID:
API String ID: 1673568325-0
Opcode ID: 58a6d7d5467568c2be3edd66179b6750a85d7e0e907d75766569a7b7789cf334
Instruction ID: 7dd2e60229a4f01348382bcd1d10e6602593eebe682236705e0122473f4febb6
Opcode Fuzzy Hash: 58a6d7d5467568c2be3edd66179b6750a85d7e0e907d75766569a7b7789cf334
Instruction Fuzzy Hash: B8F0B4B4A00205BBC710EFA4DC816DFBB71AB48314F104299F905A7391EA75D5C0CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 0040C2CF Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 28COMMON

Download Yara Rule

APIs

__CrtCheckMemory.LIBCMTD ref: 0040C2DF

Strings

f:\dd\vctools\crt_bld\self_x86\crt\src\dbgheap.c, xrefs: 0040C2F4
_CrtCheckMemory(), xrefs: 0040C2E8

Memory Dump Source

Source File: 00000000.00000002.254379313.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.254298173.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.254460883.0000000000427000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255654257.000000000060A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255687103.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.255765961.0000000000635000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_mzQcZawXvh.jbxd

Similarity

API ID: CheckMemory
String ID: _CrtCheckMemory()$f:\dd\vctools\crt_bld\self_x86\crt\src\dbgheap.c
API String ID: 2067751306-2660621803
Opcode ID: 431dc643eca537113b0f4834f27ad962c1a9b4d6646ad9a6494bd298d7658b0c
Instruction ID: 06f23a89ae9568b2075e5d7787c1d880a0c8a93a3f6affb714320c5db787684b
Opcode Fuzzy Hash: 431dc643eca537113b0f4834f27ad962c1a9b4d6646ad9a6494bd298d7658b0c
Instruction Fuzzy Hash: A6F02B3054220ECBEF248F12EED27363255E780308F20E737EC04B62D1E27CA450458E

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: mzQcZawXvh.exePID: 5012, Parent PID: 5872COMMON

Execution Graph

Execution Coverage:	3.6%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	3.7%
Total number of Nodes:	733
Total number of Limit Nodes:	35

Executed Functions

Function 0047DA23 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 105
threadlibrarynativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog.LIBCMT ref: 0047DA28
GetModuleHandleA.KERNEL32(?,00000000,?,?,00000000,00000000), ref: 0047DAD7
GetProcAddress.KERNEL32(00000000), ref: 0047DADE
GetCurrentThread.KERNEL32 ref: 0047DB16
NtSetInformationThread.NTDLL(?,00000011,00000000,00000000,?,?,00000000,00000000), ref: 0047DB1D

Strings

A, xrefs: 0047DAA1

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: Thread$AddressCurrentH_prologHandleInformationModuleProc
String ID: A
API String ID: 2756751113-3554254475
Opcode ID: be64283b3c99eb43cfab408730693492dcc37ded62b0fa0dcaa4628b277c118a
Instruction ID: 44a9092eb4fce4f9afff90697c039c15edd499dcc9c00362b295a7f757c6932a
Opcode Fuzzy Hash: be64283b3c99eb43cfab408730693492dcc37ded62b0fa0dcaa4628b277c118a
Instruction Fuzzy Hash: 01312471D153499ADB10CFFD99806EDFBB8BF65304F10517EE809AB201E7749E488724

Uniqueness

Uniqueness Score: -1.00%

Function 0044DE59 Relevance: 9.1, APIs: 6, Instructions: 149
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog.LIBCMT ref: 0044DE5E
new.LIBCMT ref: 0044DE84
GetModuleHandleA.KERNEL32(?,?,?,?,00000000), ref: 0044DEEB
GetProcAddress.KERNEL32(?,?), ref: 0044DF6C
GetSystemInfo.KERNELBASE(?,?,?,?,?,?,?,00000000), ref: 0044DFC6
GetProductInfo.KERNEL32(?,?,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 0044DFD8

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: Info$AddressH_prologHandleModuleProcProductSystem
String ID:
API String ID: 1760484215-0
Opcode ID: 5b3f3d485b9ea022324a646840839423c089f44138266fba638109602895a35c
Instruction ID: 0b433a4e069d78135e3db23fed4c592dc4d79eab52225e25e556f3b17f67ecdd
Opcode Fuzzy Hash: 5b3f3d485b9ea022324a646840839423c089f44138266fba638109602895a35c
Instruction Fuzzy Hash: 0B513B32D04349AAEB11DFB8DC81AEEFBB4FF55310F10412EE949A7252EB345A888710

Uniqueness

Uniqueness Score: -1.00%

Function 00471490 Relevance: 3.1, APIs: 2, Instructions: 79COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00471495
GetUserNameW.ADVAPI32(00000000,?), ref: 004714E1

Part of subcall function 00461197: __EH_prolog.LIBCMT ref: 0046119C

Part of subcall function 004AB703: std::_Deallocate.LIBCONCRT ref: 004AB733

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog$DeallocateNameUserstd::_
String ID:
API String ID: 1695679120-0
Opcode ID: 0b6644eb9846197ec39195b45731547c1c4120041d841a2dcf73801215e78122
Instruction ID: d655e893a5e8ff1d491b0e6926b5f2c26dfcdca79071f98dadbf90846d52d241
Opcode Fuzzy Hash: 0b6644eb9846197ec39195b45731547c1c4120041d841a2dcf73801215e78122
Instruction Fuzzy Hash: 2A218D71D042489FDB14EFACD985AEEBBF8EF09704F10456EE006E7281DBB45A05CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 00415782 Relevance: 1.6, APIs: 1, Instructions: 58networkCOMMON

Download Yara Rule

APIs

WSARecv.WS2_32(?,?,?,?,?,00000000,00000000), ref: 004157A1

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: Recv
String ID:
API String ID: 4192927123-0
Opcode ID: c62c7c3c7b8fe5f77f2d802cc1d1c4721b2ce0b15eb23c3f888527f01b87accb
Instruction ID: 5bea4bdaf11f897f62dfeb54fd0e94af83be17af8b353cdab7f5e046acebae1d
Opcode Fuzzy Hash: c62c7c3c7b8fe5f77f2d802cc1d1c4721b2ce0b15eb23c3f888527f01b87accb
Instruction Fuzzy Hash: 1211E5B1A0070AEFDB208F95C8824FBF768EB80764F20416BF82553380D7785D908795

Uniqueness

Uniqueness Score: -1.00%

Function 00571F0B Relevance: 52.7, APIs: 3, Strings: 27, Instructions: 171
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog.LIBCMT ref: 00571F10
new.LIBCMT ref: 00571F37

Part of subcall function 005717F8: __EH_prolog.LIBCMT ref: 005717FD
Part of subcall function 005717F8: new.LIBCMT ref: 0057182A
Part of subcall function 005717F8: InitializeCriticalSection.KERNEL32(0000001C,00000000,007A4460,?,?,00571F4A,?,?,?,0040F09B), ref: 0057184D
Part of subcall function 005717F8: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,?,00571F4A,?,?,?,0040F09B), ref: 00571864

_wprintf.LEGACY_STDIO_DEFINITIONS ref: 00571F78

Strings

IYUV, xrefs: 00571FE2
UYVY, xrefs: 00571FF0
YUYV, xrefs: 00571FD9
YV12, xrefs: 00571FFE
Y41P, xrefs: 00572028
YUYV, xrefs: 00571FD4
YVYU, xrefs: 00571FCB
AYUV, xrefs: 00572053
Y211, xrefs: 0057203B
AYUV, xrefs: 00572058
YUY2, xrefs: 00571FBD
MJPG, xrefs: 00572066
UYVY, xrefs: 00571FF5
YUY2, xrefs: 00571FB8
I420, xrefs: 0057209E
YV12, xrefs: 00572003
YVU9, xrefs: 00572011
MJPG, xrefs: 00572061
Y411, xrefs: 0057201F
Y411, xrefs: 0057201A
YVYU, xrefs: 00571FC6
I420, xrefs: 00572099
Y41P, xrefs: 0057202D
YVU9, xrefs: 0057200C
IYUV, xrefs: 00571FE7
Y211, xrefs: 00572036
***** VIDEOINPUT LIBRARY - %2.04f - TFW07 *****, xrefs: 00571F73

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog$CreateCriticalEventInitializeSection_wprintf
String ID: ***** VIDEOINPUT LIBRARY - %2.04f - TFW07 *****$AYUV$AYUV$I420$I420$IYUV$IYUV$MJPG$MJPG$UYVY$UYVY$Y211$Y211$Y411$Y411$Y41P$Y41P$YUY2$YUY2$YUYV$YUYV$YV12$YV12$YVU9$YVU9$YVYU$YVYU
API String ID: 550282347-3367503751
Opcode ID: 14738bc5c8039185295264d065c2f7682aa518b2c46b38245d9382e2969ddd98
Instruction ID: f9716c8469a36a553641a67d4dd0ff90e87979c69e3c6f18fd75f9a9b42338b5
Opcode Fuzzy Hash: 14738bc5c8039185295264d065c2f7682aa518b2c46b38245d9382e2969ddd98
Instruction Fuzzy Hash: B941F762D00D9487D713CF48A8063436AA3AFD7B24B1A8275BD182F250E7FF8D9296C4

Uniqueness

Uniqueness Score: -1.00%

Function 00414734 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 121
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,00000000,?,?,00414B24,00000000,00000000,?,?,00000000,00000000), ref: 00414749
GetLastError.KERNEL32(?,?,00414B24,00000000,00000000,?,?,00000000,00000000), ref: 0041475B

Part of subcall function 0041037A: __EH_prolog.LIBCMT ref: 0041037F

CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,00414B24,00000000,00000000,?,?,00000000,00000000), ref: 0041479E
GetLastError.KERNEL32(?,?,00414B24,00000000,00000000,?,?,00000000,00000000), ref: 004147B0
GetLastError.KERNEL32(?,?,?,?,?,?,?,00414B24,00000000), ref: 00414816
CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,00414B24,00000000), ref: 0041482C
CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,00414B24,00000000), ref: 0041483A
WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?,?,?,?,00414B24,00000000), ref: 0041486C
FindCloseChangeNotification.KERNELBASE(00000000,?,?,?,?,?,?,?,00414B24,00000000), ref: 00414873

Strings

thread.exit_event, xrefs: 004147D3
thread, xrefs: 00414852
thread.entry_event, xrefs: 0041477E

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: CloseErrorLast$CreateEventHandle$ChangeFindH_prologNotificationObjectSingleWait
String ID: thread$thread.entry_event$thread.exit_event
API String ID: 915737812-3017686385
Opcode ID: 6b311a1f770eee7a72b5a455d37515bdc428d4e3526d2248dc7c780d3341e4c9
Instruction ID: 0b79e7f0c15327e9da17b43a34241b3698589d770cc40297c089d4d07e25d328
Opcode Fuzzy Hash: 6b311a1f770eee7a72b5a455d37515bdc428d4e3526d2248dc7c780d3341e4c9
Instruction Fuzzy Hash: CE41A974A00214AFDB10EFA5C8457AFBBB5EF84354F10807AF805A7391DBB49D46CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 004090D7 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 174
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

new.LIBCMT ref: 004D0330
GetModuleHandleA.KERNEL32(?), ref: 004D039F
GetProcAddress.KERNEL32(00000000,?), ref: 004D0426
GetModuleHandleA.KERNEL32(?,00000000,00000024), ref: 004D04D5
GetProcAddress.KERNEL32(00000000), ref: 004D04DC
GetNativeSystemInfo.KERNELBASE(?), ref: 004D04EE
GetSystemInfo.KERNEL32(?), ref: 004D04FA

Strings

M, xrefs: 004D03C8
e, xrefs: 004D0364

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: AddressHandleInfoModuleProcSystem$Native
String ID: M$e
API String ID: 4128499644-1261679600
Opcode ID: 26a7ac068b73835caf95e5fa928afb245378d7cffc00a078fe7f37421a4a8d80
Instruction ID: 7f076f262e4bb91a6750fffe37d8c54c711c44c40eb3a28a00d27e8eef38a7fb
Opcode Fuzzy Hash: 26a7ac068b73835caf95e5fa928afb245378d7cffc00a078fe7f37421a4a8d80
Instruction Fuzzy Hash: 7C512A319083819AE314DF3CD9857AAF7E4FFA9304F105A1FFAC4D60A2EB74A5858716

Uniqueness

Uniqueness Score: -1.00%

Function 004152CD Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 90
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog.LIBCMT ref: 004152D2
EnterCriticalSection.KERNEL32(?), ref: 004152E6
CreateWaitableTimerW.KERNEL32(00000000,00000000,00000000), ref: 00415309
GetLastError.KERNEL32 ref: 00415316

Part of subcall function 0041037A: __EH_prolog.LIBCMT ref: 0041037F

SetWaitableTimer.KERNELBASE(?,?,000493E0,00000000,00000000,00000000), ref: 00415363
new.LIBCMT ref: 00415371
new.LIBCMT ref: 0041538A
LeaveCriticalSection.KERNEL32(?), ref: 004153CE

Strings

timer, xrefs: 00415331

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: CriticalH_prologSectionTimerWaitable$CreateEnterErrorLastLeave
String ID: timer
API String ID: 80991882-1792073242
Opcode ID: cdb135c908b685f4243a48fc5eced90cd833a3d47e2270d03613246561c0a4f8
Instruction ID: 81198b5b4e12bd1187ba2ab20eed8b98814ca33eefdc30da37c94bbb21581d96
Opcode Fuzzy Hash: cdb135c908b685f4243a48fc5eced90cd833a3d47e2270d03613246561c0a4f8
Instruction Fuzzy Hash: 253173B1904344EFDB00DF69C8857EEBBB9EF48314F10816EE845AB242D7B48A85CB65

Uniqueness

Uniqueness Score: -1.00%

Function 00452F81 Relevance: 12.1, APIs: 8, Instructions: 87
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog.LIBCMT ref: 00452F86
socket.WS2_32(00000002,00000002,00000000), ref: 00452FB4
htons.WS2_32(00000009), ref: 00453005
connect.WS2_32(00000000,?,00000010), ref: 00453016
closesocket.WS2_32(00000000), ref: 00453022

Part of subcall function 00452EC0: __EH_prolog.LIBCMT ref: 00452EC5
Part of subcall function 00452EC0: WSAStartup.WS2_32(00000101,?), ref: 00452EFC
Part of subcall function 00452EC0: gethostbyname.WS2_32(?), ref: 00452F1B
Part of subcall function 00452EC0: inet_ntoa.WS2_32(?), ref: 00452F28

getsockname.WS2_32(00000000,?,00000010), ref: 00453041
closesocket.WS2_32(00000000), ref: 0045304D
inet_ntop.WS2_32(00000002,7F000001,?,00000016), ref: 0045305E

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prologclosesocket$Startupconnectgethostbynamegetsocknamehtonsinet_ntoainet_ntopsocket
String ID:
API String ID: 633287244-0
Opcode ID: f5f5fbd19dbca0a862f7eb61407344802759e4f89fe51e6e2834ba27e1eaab73
Instruction ID: 5b0bf888ce328ebc8f7654541aaef070da74032fad1407d6ff225a7c75816ed1
Opcode Fuzzy Hash: f5f5fbd19dbca0a862f7eb61407344802759e4f89fe51e6e2834ba27e1eaab73
Instruction Fuzzy Hash: 8B319571D00208ABDB10DBE5EC49AEEBB7DEF44711F10450BF912E22D2D7B849458B69

Uniqueness

Uniqueness Score: -1.00%

Function 006AC888 Relevance: 9.2, APIs: 6, Instructions: 216
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,?,?,?,?,?,006ACAD9,00000001,00000001,?), ref: 006AC8E2
MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,006ACAD9,00000001,00000001,?,?,?,?), ref: 006AC968
WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,?,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 006ACA62
__freea.LIBCMT ref: 006ACA6F

Part of subcall function 006A108E: RtlAllocateHeap.NTDLL(00000000,00000003,00000003,?,006AAD9E,00001000,00000000,?,?,?,006A082B,00000000,00000000,00000000,?,?), ref: 006A10C0

__freea.LIBCMT ref: 006ACA78
__freea.LIBCMT ref: 006ACA9D

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: ByteCharMultiWide__freea$AllocateHeap
String ID:
API String ID: 1414292761-0
Opcode ID: 1ec1923b02ff4a2d3de14dc911272f89a5217b01c918c1f7141e847b39a047c4
Instruction ID: 86292834f738c96dbc1cf993336d3d24c26be9c074e51f227bd2506d47692d73
Opcode Fuzzy Hash: 1ec1923b02ff4a2d3de14dc911272f89a5217b01c918c1f7141e847b39a047c4
Instruction Fuzzy Hash: B151F67260021AABEB25AF64CC41EFF77ABEF42760F144229FE04D6254EB34DC40DA90

Uniqueness

Uniqueness Score: -1.00%

Function 004B02E0 Relevance: 9.1, APIs: 6, Instructions: 56
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog.LIBCMT ref: 004B02E5
std::_Lockit::_Lockit.LIBCPMT ref: 004B02F4

Part of subcall function 004211A8: __EH_prolog.LIBCMT ref: 004211AD
Part of subcall function 004211A8: std::_Lockit::_Lockit.LIBCPMT ref: 004211C1
Part of subcall function 004211A8: std::_Lockit::~_Lockit.LIBCPMT ref: 004211E1

std::locale::_Getfacet.LIBCPMT ref: 004B0314
__CxxThrowException@8.LIBVCRUNTIME ref: 004B034B
std::_Facet_Register.LIBCPMT ref: 004B0361
std::_Lockit::~_Lockit.LIBCPMT ref: 004B036E

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$H_prologLockit::_Lockit::~_$Exception@8Facet_GetfacetRegisterThrowstd::locale::_
String ID:
API String ID: 1252875284-0
Opcode ID: c0e17db30a694421d04265faf59378f693b64b9600864ea3d7819ed5d6e79e0d
Instruction ID: 78f492c9bfe4b46bd4934e7f848da8e9cd49b79d55c67d64c25b280fc1e3c0ca
Opcode Fuzzy Hash: c0e17db30a694421d04265faf59378f693b64b9600864ea3d7819ed5d6e79e0d
Instruction Fuzzy Hash: 8B11A772E005299BCB14FBA4D805AEE7775FF44721F50421EF81567291DB389A01C7A4

Uniqueness

Uniqueness Score: -1.00%

Function 00430B17 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 138
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 00430B1B

Part of subcall function 0068E3DE: RaiseException.KERNEL32(?,00582150,P!X,?,?,0078FB6C,?,?,?,?,?,00582150,?,00783398,?), ref: 0068E43D

__EH_prolog.LIBCMT ref: 00430B26

Part of subcall function 00429BC7: VerSetConditionMask.KERNEL32(00000000,00000000,00000080,00000001,?,?,00000000), ref: 00429C21
Part of subcall function 00429BC7: VerifyVersionInfoW.KERNEL32(0000011C,00000080,00000000), ref: 00429C31

Strings

yvY, xrefs: 00430BAD
evY, xrefs: 00430C14
ovY, xrefs: 00430C57

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: ConditionExceptionException@8H_prologInfoMaskRaiseThrowVerifyVersion
String ID: evY$ovY$yvY
API String ID: 427066989-2562377268
Opcode ID: 7e66fc0fb2390a2c9767167f78ed8f89248d71a62f7d286e4ce8b8af001c0436
Instruction ID: 69eeb7d7c3b84b7ea36d890f3107908ae79c651bf5a834563b2563b6c9d57f6f
Opcode Fuzzy Hash: 7e66fc0fb2390a2c9767167f78ed8f89248d71a62f7d286e4ce8b8af001c0436
Instruction Fuzzy Hash: 63511770D04209EFDB10CF99D895AAEFBB8FB08308F24526AE505A7281C7799D058B69

Uniqueness

Uniqueness Score: -1.00%

Function 00415C9C Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 124
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WSASetLastError.WS2_32(00000000), ref: 00415CB4
_strlen.LIBCMT ref: 00415CE1
MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,?,00000001), ref: 00415D02
WSAStringToAddressW.WS2_32(?,?,00000000,?,00000080), ref: 00415D17

Strings

255.255.255.255, xrefs: 00415D4C

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: AddressByteCharErrorLastMultiStringWide_strlen
String ID: 255.255.255.255
API String ID: 211062275-2422070025
Opcode ID: 35ac3af6ee5bfbc4bcd5784e29432c239da0f77f63fc4b61a0c2db66133bb8f7
Instruction ID: 90f16403a3ccad3dd7e36331342522bdd81ba9cbe8a4690d11ee0a9552b0ec44
Opcode Fuzzy Hash: 35ac3af6ee5bfbc4bcd5784e29432c239da0f77f63fc4b61a0c2db66133bb8f7
Instruction Fuzzy Hash: C7411731A00614EBDB206B64DC46BEEB769EF81334F20831BF9299B2D1D778598187C5

Uniqueness

Uniqueness Score: -1.00%

Function 0041369B Relevance: 7.6, APIs: 5, Instructions: 128
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog.LIBCMT ref: 004136A0

Part of subcall function 004138F8: __EH_prolog.LIBCMT ref: 004138FD
Part of subcall function 004138F8: GetTickCount64.KERNEL32 ref: 0041391A

GetSystemTimes.KERNELBASE(?,?,?), ref: 0041370A
GetCurrentProcess.KERNEL32(?,?,?,?), ref: 00413724
GetProcessTimes.KERNELBASE(00000000), ref: 0041372B
GetTickCount64.KERNEL32 ref: 00413823

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: Count64H_prologProcessTickTimes$CurrentSystem
String ID:
API String ID: 2284428309-0
Opcode ID: 236d7e2644c345143adb0c189a4fec71ec096c75c1f097dc3eab28c4d6001a43
Instruction ID: a254041eaa7e4b0b50e61da91e07f6796d4f1d516a85174cce91633ffafc66c9
Opcode Fuzzy Hash: 236d7e2644c345143adb0c189a4fec71ec096c75c1f097dc3eab28c4d6001a43
Instruction Fuzzy Hash: 08510AF5D002589FCB14DFE9D8819DEBBB9FB89701F00852AE505E7312E7385986CB68

Uniqueness

Uniqueness Score: -1.00%

Function 00414441 Relevance: 7.6, APIs: 5, Instructions: 77
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog.LIBCMT ref: 00414446
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,0041F3B3,?,0041F3E1,?,?,?,?,0041EE4E,?), ref: 00414456
LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,0041F3B3,?,0041F3E1,?,?,?,?,0041EE4E,?), ref: 00414484
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,0041F3B3,?,0041F3E1,?,?,?,?,0041EE4E,?), ref: 004144AD
LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,0041F3B3,?,0041F3E1,?,?,?,?,0041EE4E), ref: 004144F7

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: CriticalSection$EnterLeave$H_prolog
String ID:
API String ID: 1633115879-0
Opcode ID: 48a8dd1e56f148ea3e8c9edaf9ab52552c3326993aacd736f61a3b6608c45d46
Instruction ID: e37c270583d34f6fdcbed936fd6dc41b70da8ade8f22dd1501a04d0a02904186
Opcode Fuzzy Hash: 48a8dd1e56f148ea3e8c9edaf9ab52552c3326993aacd736f61a3b6608c45d46
Instruction Fuzzy Hash: D231AC759042559FDB10CF68C98479ABBB5FF88710F20864EE85597301C7B9ED81CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 004146D0 Relevance: 7.5, APIs: 5, Instructions: 36
synchronizationthreadinjectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF), ref: 004146EE
CloseHandle.KERNEL32(?), ref: 004146F7
TerminateThread.KERNEL32(?,00000000), ref: 00414711
QueueUserAPC.KERNELBASE(004146A3,?,00000000), ref: 0041471E
WaitForSingleObject.KERNEL32(?,000000FF), ref: 00414729

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: Wait$CloseHandleMultipleObjectObjectsQueueSingleTerminateThreadUser
String ID:
API String ID: 3892215915-0
Opcode ID: 3ec5ae4b6e7c796421652c2a7545122f5017f0dce0ab16dcd00dd9a7be1801ad
Instruction ID: 1e819aa565a8910f63e950dfc57558bee440c737e81045b7b22afa792695e07a
Opcode Fuzzy Hash: 3ec5ae4b6e7c796421652c2a7545122f5017f0dce0ab16dcd00dd9a7be1801ad
Instruction Fuzzy Hash: DDF09630504704EFE7509F64DC49FA67BF9EB49721F104269F52ED66E0DBB1AC808B60

Uniqueness

Uniqueness Score: -1.00%

Function 00694F05 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 54
threadCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateThread.KERNELBASE ref: 00694F4E
GetLastError.KERNEL32(?,?,?,00414806,00000000,00000000,0041487E), ref: 00694F5A
__dosmaperr.LIBCMT ref: 00694F61

Strings

~HA, xrefs: 00694F28

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: CreateErrorLastThread__dosmaperr
String ID: ~HA
API String ID: 2744730728-2555717699
Opcode ID: 012f35cf20328ae3c923eebbffb2d189a03c25afb4f31a3854c950dbbcf6196d
Instruction ID: a28228cb249d192a0490e985ea7e308233fdceaf7abf6463b4ce0b4950d670d3
Opcode Fuzzy Hash: 012f35cf20328ae3c923eebbffb2d189a03c25afb4f31a3854c950dbbcf6196d
Instruction Fuzzy Hash: F501693650521AABDF259FA1DC05E9F3B6FEFC4360F010028F80486A10DF318812C6A0

Uniqueness

Uniqueness Score: -1.00%

Function 006AB96D Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 47COMMON

Download Yara Rule

APIs

LCMapStringEx.KERNELBASE ref: 006AB9C0
LCMapStringW.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000001,?,?), ref: 006AB9DE

Strings

LCMapStringEx, xrefs: 006AB988
0A, xrefs: 006AB9BA

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: String
String ID: 0A$LCMapStringEx
API String ID: 2568140703-1841893537
Opcode ID: ea4460510015f5977b781a5df97bf006a9c03b4116b64c3ed7a6936ed41caf73
Instruction ID: 78663075d4456955a6bdf8df67ea3bbf43c27e8d08bc1616b7ad118f32a7fa07
Opcode Fuzzy Hash: ea4460510015f5977b781a5df97bf006a9c03b4116b64c3ed7a6936ed41caf73
Instruction Fuzzy Hash: 15012532640209BBDF026F90DD06DEE3FA3EF0A760F004118FE0866261CB768971AF85

Uniqueness

Uniqueness Score: -1.00%

Function 0042100C Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 24COMMON

Download Yara Rule

APIs

std::exception::exception.LIBCONCRT ref: 00421014

Part of subcall function 0040F2EC: ___std_exception_copy.LIBVCRUNTIME ref: 0040F313

__CxxThrowException@8.LIBVCRUNTIME ref: 00421031

Part of subcall function 0068E3DE: RaiseException.KERNEL32(?,00582150,P!X,?,?,0078FB6C,?,?,?,?,?,00582150,?,00783398,?), ref: 0068E43D

Strings

bad locale name, xrefs: 0042100C
\$n, xrefs: 00421028, 00421030

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: ExceptionException@8RaiseThrow___std_exception_copystd::exception::exception
String ID: \$n$bad locale name
API String ID: 4055469071-1203730499
Opcode ID: 1b75a0af376e86cef2cb94bfe60e125401c4bcedd4f989fc5e17589a774403c4
Instruction ID: de4c522dbd7238e892ea0bd5804268c61348616e56c2409af10b3955a1e18fc5
Opcode Fuzzy Hash: 1b75a0af376e86cef2cb94bfe60e125401c4bcedd4f989fc5e17589a774403c4
Instruction Fuzzy Hash: E2E0E532D4568AEACB00EFE4D401ADEFB75AB00310F1082AEE414A71C2CB7D0600CB84

Uniqueness

Uniqueness Score: -1.00%

Function 0041487E Relevance: 6.0, APIs: 4, Instructions: 32COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00414883
SetEvent.KERNEL32(00000000), ref: 00414897
SetEvent.KERNEL32(?), ref: 004148B4
SleepEx.KERNELBASE(000000FF,00000001), ref: 004148BE

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: Event$H_prologSleep
String ID:
API String ID: 1765829285-0
Opcode ID: 2a203f42bc5b33d3a13a3af4d886ce5b736f630bb6aebf30fe298175220b8e56
Instruction ID: 485320c20e7a0a70c1a616592e1f4c203106a78677124a96d5512a3dd4e7ad03
Opcode Fuzzy Hash: 2a203f42bc5b33d3a13a3af4d886ce5b736f630bb6aebf30fe298175220b8e56
Instruction Fuzzy Hash: 12F04F71600214EFDB10DF98D8C9B98BBB1FF09321F108258F5199B292C7749A80CB55

Uniqueness

Uniqueness Score: -1.00%

Function 0041F2D9 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 53COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0041F2DE

Strings

yFA, xrefs: 0041F2F3
HA, xrefs: 0041F31E

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog
String ID: yFA$HA
API String ID: 3519838083-819086381
Opcode ID: 649df98a89199086e95e4fc606170e50c03dc2fc8513806fa02c722f5c2561a2
Instruction ID: be5c42be2c6e3d10ebd187c374126fcc079f844a785c0e5cd0415d1f854fe2d0
Opcode Fuzzy Hash: 649df98a89199086e95e4fc606170e50c03dc2fc8513806fa02c722f5c2561a2
Instruction Fuzzy Hash: 232110B1901609EFC704CF5AC285689FFF4FF48310F6081AED0989B762D3B49A50CB91

Uniqueness

Uniqueness Score: -1.00%

Function 00694D25 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 38threadCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(00787350,00000010), ref: 00694D38
ExitThread.KERNEL32 ref: 00694D3F

Strings

0A, xrefs: 00694D74

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: ErrorExitLastThread
String ID: 0A
API String ID: 1611280651-187954893
Opcode ID: aa497236cf176ef17a3b454ef00a04b474a789f811a1e7152174b5b94ede9673
Instruction ID: 2efdd878437aebd3bf93266263e471f643659c3a6f6777dfb9798e7ab1f8543b
Opcode Fuzzy Hash: aa497236cf176ef17a3b454ef00a04b474a789f811a1e7152174b5b94ede9673
Instruction Fuzzy Hash: 8CF08C74500205AFDB44BB70C84AAAD3B6AFF45700F10014CF5026B692CB75AD41DFA5

Uniqueness

Uniqueness Score: -1.00%

Function 00414C58 Relevance: 4.6, APIs: 3, Instructions: 116timeCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00414C5D
SetWaitableTimer.KERNELBASE(00000001,?,00000001,00000000,00000000,00000000), ref: 00414C8C
GetQueuedCompletionStatus.KERNEL32(00000000,00000000,00000000,?,?,?), ref: 00414D4C

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: CompletionH_prologQueuedStatusTimerWaitable
String ID:
API String ID: 2995059299-0
Opcode ID: a5d252669b9f60b85a81388a257bfec91c7b689e5e5c4f13bc946e12480acd58
Instruction ID: 7d45d137beb1f6b2b34f5553cb745bb15eb055e86ce864ac407ad0ee56832f04
Opcode Fuzzy Hash: a5d252669b9f60b85a81388a257bfec91c7b689e5e5c4f13bc946e12480acd58
Instruction Fuzzy Hash: 11416972A0060A9FDB15DF90D880BEFB3BAFF84315F00052ED412A6640DB78A945CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 004155BD Relevance: 4.6, APIs: 3, Instructions: 80COMMON

Download Yara Rule

APIs

closesocket.WS2_32 ref: 00415614
ioctlsocket.WS2_32(?,8004667E,00000000), ref: 00415675
closesocket.WS2_32 ref: 0041567F

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: closesocket$ioctlsocket
String ID:
API String ID: 1937125420-0
Opcode ID: 7f8ea74ace3310373a21be71c5b815b7612f66b1af64607ab136a716ee225d1d
Instruction ID: 0867f8573ec13ec267d5fb650704c9035aa2dc82b8724a08c876cf7a7597308c
Opcode Fuzzy Hash: 7f8ea74ace3310373a21be71c5b815b7612f66b1af64607ab136a716ee225d1d
Instruction Fuzzy Hash: 8B213B31900619ABCB10EB64CCC1AFE7775AF80318F04816AEC15AB2C1EB785D85C798

Uniqueness

Uniqueness Score: -1.00%

Function 004160FF Relevance: 4.5, APIs: 3, Instructions: 44COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00416104
EnterCriticalSection.KERNEL32(?,?), ref: 00416121
LeaveCriticalSection.KERNEL32(?), ref: 00416160

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: CriticalSection$EnterH_prologLeave
String ID:
API String ID: 367238759-0
Opcode ID: d0c113fbeb00a019116e248b927bd9237ee2790a523a3c3fc403efa86fd83a73
Instruction ID: de7e618a69ece48fe05348024f7aad34e8c204bac18a713b4793032de90bd1dd
Opcode Fuzzy Hash: d0c113fbeb00a019116e248b927bd9237ee2790a523a3c3fc403efa86fd83a73
Instruction Fuzzy Hash: F20180B1901704EFC724DF29D980A9BBBF5FF48710B10462EE84693B02D774E985CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 00694DD9 Relevance: 4.5, APIs: 3, Instructions: 31threadCOMMON

Download Yara Rule

APIs

Part of subcall function 006A9F63: GetLastError.KERNEL32(?,?,?,0069C0D2,006A0714,?,006A9F0D,00000001,00000364,?,00694D4A,00787350,00000010), ref: 006A9F68
Part of subcall function 006A9F63: _free.LIBCMT ref: 006A9F9D
Part of subcall function 006A9F63: SetLastError.KERNEL32(00000000), ref: 006A9FD1

ExitThread.KERNEL32 ref: 00694DEB
CloseHandle.KERNEL32(?,?,?,00694F97,?,?,00694D82,00000000), ref: 00694E13
FreeLibraryAndExitThread.KERNELBASE(?,?,?,?,00694F97,?,?,00694D82,00000000), ref: 00694E29

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: ErrorExitLastThread$CloseFreeHandleLibrary_free
String ID:
API String ID: 1198197534-0
Opcode ID: 0b684379a3635da3496ba8be5a775a66397e6181a37d77da4e3ed34cfb2c9944
Instruction ID: 1797eb193d2ac906eade3a6409676f5f76e6e4c1304b61f1546358f000c6dd65
Opcode Fuzzy Hash: 0b684379a3635da3496ba8be5a775a66397e6181a37d77da4e3ed34cfb2c9944
Instruction Fuzzy Hash: C4F05E384007416BDF216B75D888EAB7A9FAF05364F194714F824C7AA1DF70DD96CA90

Uniqueness

Uniqueness Score: -1.00%

Function 0044DB7B Relevance: 4.5, APIs: 3, Instructions: 28COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0044DB80

Part of subcall function 0044DE59: __EH_prolog.LIBCMT ref: 0044DE5E
Part of subcall function 0044DE59: new.LIBCMT ref: 0044DE84
Part of subcall function 0044DE59: GetModuleHandleA.KERNEL32(?,?,?,?,00000000), ref: 0044DEEB
Part of subcall function 0044DE59: GetProcAddress.KERNEL32(?,?), ref: 0044DF6C

GetTickCount64.KERNEL32 ref: 0044DBA6
GetTickCount.KERNEL32 ref: 0044DBAE

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prologTick$AddressCountCount64HandleModuleProc
String ID:
API String ID: 698623096-0
Opcode ID: 8d5ce083c1ad621dd4a88b8baaeb9e7a58a3a93ef15a59b0fc5f1ca059920e57
Instruction ID: 93337046b72b4f272735c9cdc7ca763423b43e58d840744d40130068c9892647
Opcode Fuzzy Hash: 8d5ce083c1ad621dd4a88b8baaeb9e7a58a3a93ef15a59b0fc5f1ca059920e57
Instruction Fuzzy Hash: E6F082B1E052489EDB00AFEA99842ADFFB5FB15310F5040AFD90892301C7740A00D675

Uniqueness

Uniqueness Score: -1.00%

Function 0040A24C Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 14COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 0040A253

Part of subcall function 0068A19C: __onexit.LIBCMT ref: 0068A1A2

Strings

/coFG/G7r2k4nLa9Dxqg8fU0knZm7yrvNwiVIi0fOHHHRYpsrlEn9pLmdUmi2V2ax5We/KjwIgUdBApyuqLiLzHQuSpGKKsvvmbXJY6BXU0DZ0hv3PoXXuLC+MQamS4I0UTPeHe+JWoyXXnADjlKlMEVFYr54w29k2l4idOBZWc37KX7Wg7qO6URKfvUjC9J3v3dkWFhmQgYHhipetPMnYHvFXsttKMs670QxpyOXwAWaGwLsGyC9ySXBFDOqTC0UoRg, xrefs: 0040A24D, 0040A25A

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: __onexit_strlen
String ID: /coFG/G7r2k4nLa9Dxqg8fU0knZm7yrvNwiVIi0fOHHHRYpsrlEn9pLmdUmi2V2ax5We/KjwIgUdBApyuqLiLzHQuSpGKKsvvmbXJY6BXU0DZ0hv3PoXXuLC+MQamS4I0UTPeHe+JWoyXXnADjlKlMEVFYr54w29k2l4idOBZWc37KX7Wg7qO6URKfvUjC9J3v3dkWFhmQgYHhipetPMnYHvFXsttKMs670QxpyOXwAWaGwLsGyC9ySXBFDOqTC0UoRg
API String ID: 4000879885-2292685684
Opcode ID: a13e5a9eb76f658fc8cef7e763b04846b6ccee0d58ab8a936c399d7a9fef9c3b
Instruction ID: 0057e7b996f07cbecae86091c4394cb40fbf005e9b2a5c44e7be6a6a3eddf1eb
Opcode Fuzzy Hash: a13e5a9eb76f658fc8cef7e763b04846b6ccee0d58ab8a936c399d7a9fef9c3b
Instruction Fuzzy Hash: 47C04C529956302D394533693C07DEE068E8D56720B16016FF540A55D35D891C8185FF

Uniqueness

Uniqueness Score: -1.00%

Function 00402213 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 14COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 0040221A

Part of subcall function 0068A19C: __onexit.LIBCMT ref: 0068A1A2

Strings

/coFG/G7r2k4nLa9Dxqg8fU0knZm7yrvNwiVIi0fOHHHRYpsrlEn9pLmdUmi2V2ax5We/KjwIgUdBApyuqLiLzHQuSpGKKsvvmbXJY6BXU0DZ0hv3PoXXuLC+MQamS4I0UTPeHe+JWoyXXnADjlKlMEVFYr54w29k2l4idOBZWc37KX7Wg7qO6URKfvUjC9J3v3dkWFhmQgYHhipetPMnYHvFXsttKMs670QxpyOXwAWaGwLsGyC9ySXBFDOqTC0UoRg, xrefs: 00402214, 00402219, 00402221

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: __onexit_strlen
String ID: /coFG/G7r2k4nLa9Dxqg8fU0knZm7yrvNwiVIi0fOHHHRYpsrlEn9pLmdUmi2V2ax5We/KjwIgUdBApyuqLiLzHQuSpGKKsvvmbXJY6BXU0DZ0hv3PoXXuLC+MQamS4I0UTPeHe+JWoyXXnADjlKlMEVFYr54w29k2l4idOBZWc37KX7Wg7qO6URKfvUjC9J3v3dkWFhmQgYHhipetPMnYHvFXsttKMs670QxpyOXwAWaGwLsGyC9ySXBFDOqTC0UoRg
API String ID: 4000879885-2292685684
Opcode ID: 6c75143759b1a0a942d3d29a8f845cbb2cd5cba0d55d9052d534d56ccfa625ae
Instruction ID: c393f2c3f4ed60259a07d8ef2066c57b9609af5342ce6087124609bbc4b4f2a9
Opcode Fuzzy Hash: 6c75143759b1a0a942d3d29a8f845cbb2cd5cba0d55d9052d534d56ccfa625ae
Instruction Fuzzy Hash: 34C04C625996313D394533A57C17DEA024E8D5A720B16007FF540655D25C891C8182FF

Uniqueness

Uniqueness Score: -1.00%

Function 00402239 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 14COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 00402240

Part of subcall function 0068A19C: __onexit.LIBCMT ref: 0068A1A2

Strings

4D5A6B65726E656C33320000504500004C01030000000000000000000000000078000F030B01000000000000000000000000000014310000000000000C00000000004000001000000002000004000000010000000400000000000000A631000014010000000000000300000000001000001000000000000000000000000000000200, xrefs: 0040223A, 0040223F, 00402247

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: __onexit_strlen
String ID: 4D5A6B65726E656C33320000504500004C01030000000000000000000000000078000F030B01000000000000000000000000000014310000000000000C00000000004000001000000002000004000000010000000400000000000000A631000014010000000000000300000000001000001000000000000000000000000000000200
API String ID: 4000879885-1544901093
Opcode ID: d7a0e31c9d367d6b4e0086246cab88c578aa6c5cce22c2c74ef71889cd7f544f
Instruction ID: b331fccb048b4c8ee2da9397841e484c74ccb636dbe33c2963b62e9c23243bac
Opcode Fuzzy Hash: d7a0e31c9d367d6b4e0086246cab88c578aa6c5cce22c2c74ef71889cd7f544f
Instruction Fuzzy Hash: 07C04C226959216D395D32553C07DEE064E8D56321B16017FFA406A5D25C892DD142FE

Uniqueness

Uniqueness Score: -1.00%

Function 004086C1 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 14COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 004086C8

Part of subcall function 0068A19C: __onexit.LIBCMT ref: 0068A1A2

Strings

4D5A6B65726E656C33320000504500004C01030000000000000000000000000078000F030B01000000000000000000000000000014310000000000000C00000000004000001000000002000004000000010000000400000000000000A631000014010000000000000300000000001000001000000000000000000000000000000200, xrefs: 004086C2, 004086C7, 004086CF

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: __onexit_strlen
String ID: 4D5A6B65726E656C33320000504500004C01030000000000000000000000000078000F030B01000000000000000000000000000014310000000000000C00000000004000001000000002000004000000010000000400000000000000A631000014010000000000000300000000001000001000000000000000000000000000000200
API String ID: 4000879885-1544901093
Opcode ID: 8e7b6a62a7f449c00df646b5822cc82ab340074e66ba37648f237b0ab4100ce3
Instruction ID: 38110bd242ea3bfd04d15056785364a972470e7e41aea10792510e1e59a21646
Opcode Fuzzy Hash: 8e7b6a62a7f449c00df646b5822cc82ab340074e66ba37648f237b0ab4100ce3
Instruction Fuzzy Hash: EEC04C126959212D395933A53C07DEF024E9D96721B16016FFA80AA5D25C892C8581FE

Uniqueness

Uniqueness Score: -1.00%

Function 004086E7 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 14COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 004086EE

Part of subcall function 0068A19C: __onexit.LIBCMT ref: 0068A1A2

Strings

dfd6166c1b242959df16a7891453e0c7e9f783073c64e6e084daa67f4766fe1381aaddc04a018f95ec9bc1f5f35bf980c51f48ce4e0384d99c6174d4b1afdbaeb13235168e2d5194a840dcb61cc342e92a6aaa3ca0231e45e22e2764fe92cf55, xrefs: 004086E8, 004086ED, 004086F5

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: __onexit_strlen
String ID: dfd6166c1b242959df16a7891453e0c7e9f783073c64e6e084daa67f4766fe1381aaddc04a018f95ec9bc1f5f35bf980c51f48ce4e0384d99c6174d4b1afdbaeb13235168e2d5194a840dcb61cc342e92a6aaa3ca0231e45e22e2764fe92cf55
API String ID: 4000879885-3047839149
Opcode ID: 52f138f5f3c4758fb06156ed658a7e869c0c64f69568de72edf7b48565dcd7a0
Instruction ID: 74496edd26b83049336a924a703b8acea00f5dc567d2fb9a3aafc87a4f3f1b70
Opcode Fuzzy Hash: 52f138f5f3c4758fb06156ed658a7e869c0c64f69568de72edf7b48565dcd7a0
Instruction Fuzzy Hash: 59C04C225965312D3D4933993807EEE129E9D46320B15006FF540A65D25C892C8142FE

Uniqueness

Uniqueness Score: -1.00%

Function 0040869B Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 14COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 004086A2

Part of subcall function 0068A19C: __onexit.LIBCMT ref: 0068A1A2

Strings

/coFG/G7r2k4nLa9Dxqg8fU0knZm7yrvNwiVIi0fOHHHRYpsrlEn9pLmdUmi2V2ax5We/KjwIgUdBApyuqLiLzHQuSpGKKsvvmbXJY6BXU0DZ0hv3PoXXuLC+MQamS4I0UTPeHe+JWoyXXnADjlKlMEVFYr54w29k2l4idOBZWc37KX7Wg7qO6URKfvUjC9J3v3dkWFhmQgYHhipetPMnYHvFXsttKMs670QxpyOXwAWaGwLsGyC9ySXBFDOqTC0UoRg, xrefs: 0040869C, 004086A1, 004086A9

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: __onexit_strlen
String ID: /coFG/G7r2k4nLa9Dxqg8fU0knZm7yrvNwiVIi0fOHHHRYpsrlEn9pLmdUmi2V2ax5We/KjwIgUdBApyuqLiLzHQuSpGKKsvvmbXJY6BXU0DZ0hv3PoXXuLC+MQamS4I0UTPeHe+JWoyXXnADjlKlMEVFYr54w29k2l4idOBZWc37KX7Wg7qO6URKfvUjC9J3v3dkWFhmQgYHhipetPMnYHvFXsttKMs670QxpyOXwAWaGwLsGyC9ySXBFDOqTC0UoRg
API String ID: 4000879885-2292685684
Opcode ID: 46f9ab46924a15d9fade5a833f096f983514fa063c6a63bbe3199452343a6224
Instruction ID: 0288b0a33f127923fdc175bcc9e4f226d07a171e5f468928065520b70e5e6145
Opcode Fuzzy Hash: 46f9ab46924a15d9fade5a833f096f983514fa063c6a63bbe3199452343a6224
Instruction Fuzzy Hash: 2EC04C165956312D3D853355380BDEF024E9D9A720B16017FB940656D26D892C8181FE

Uniqueness

Uniqueness Score: -1.00%

Function 004048E3 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 14COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 004048EA

Part of subcall function 0068A19C: __onexit.LIBCMT ref: 0068A1A2

Strings

/coFG/G7r2k4nLa9Dxqg8fU0knZm7yrvNwiVIi0fOHHHRYpsrlEn9pLmdUmi2V2ax5We/KjwIgUdBApyuqLiLzHQuSpGKKsvvmbXJY6BXU0DZ0hv3PoXXuLC+MQamS4I0UTPeHe+JWoyXXnADjlKlMEVFYr54w29k2l4idOBZWc37KX7Wg7qO6URKfvUjC9J3v3dkWFhmQgYHhipetPMnYHvFXsttKMs670QxpyOXwAWaGwLsGyC9ySXBFDOqTC0UoRg, xrefs: 004048E4, 004048E9, 004048F1

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: __onexit_strlen
String ID: /coFG/G7r2k4nLa9Dxqg8fU0knZm7yrvNwiVIi0fOHHHRYpsrlEn9pLmdUmi2V2ax5We/KjwIgUdBApyuqLiLzHQuSpGKKsvvmbXJY6BXU0DZ0hv3PoXXuLC+MQamS4I0UTPeHe+JWoyXXnADjlKlMEVFYr54w29k2l4idOBZWc37KX7Wg7qO6URKfvUjC9J3v3dkWFhmQgYHhipetPMnYHvFXsttKMs670QxpyOXwAWaGwLsGyC9ySXBFDOqTC0UoRg
API String ID: 4000879885-2292685684
Opcode ID: cb66ab9859d84a741034d9066d5ef1e0ad11e0a5931de845d7aefba0c31e4078
Instruction ID: 12941ef5300d5d3ca1d48400a836db727a3aa57d222af7125f71995f6a6bb9da
Opcode Fuzzy Hash: cb66ab9859d84a741034d9066d5ef1e0ad11e0a5931de845d7aefba0c31e4078
Instruction Fuzzy Hash: 31C04C125966302D3D8532653817EEE025E8D56721F1A006FF544695D25C891C8192FE

Uniqueness

Uniqueness Score: -1.00%

Function 00402ADE Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 14COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 00402AE5

Part of subcall function 0068A19C: __onexit.LIBCMT ref: 0068A1A2

Strings

/coFG/G7r2k4nLa9Dxqg8fU0knZm7yrvNwiVIi0fOHHHRYpsrlEn9pLmdUmi2V2ax5We/KjwIgUdBApyuqLiLzHQuSpGKKsvvmbXJY6BXU0DZ0hv3PoXXuLC+MQamS4I0UTPeHe+JWoyXXnADjlKlMEVFYr54w29k2l4idOBZWc37KX7Wg7qO6URKfvUjC9J3v3dkWFhmQgYHhipetPMnYHvFXsttKMs670QxpyOXwAWaGwLsGyC9ySXBFDOqTC0UoRg, xrefs: 00402ADF, 00402AE4, 00402AEC

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: __onexit_strlen
String ID: /coFG/G7r2k4nLa9Dxqg8fU0knZm7yrvNwiVIi0fOHHHRYpsrlEn9pLmdUmi2V2ax5We/KjwIgUdBApyuqLiLzHQuSpGKKsvvmbXJY6BXU0DZ0hv3PoXXuLC+MQamS4I0UTPeHe+JWoyXXnADjlKlMEVFYr54w29k2l4idOBZWc37KX7Wg7qO6URKfvUjC9J3v3dkWFhmQgYHhipetPMnYHvFXsttKMs670QxpyOXwAWaGwLsGyC9ySXBFDOqTC0UoRg
API String ID: 4000879885-2292685684
Opcode ID: af2fdc16549afdd7053b4f93b146f0a5835cd97348ddc046397c92d47fcac9c4
Instruction ID: 663f77395931ad928d018b832c8a80838be7224243435c2140bfc78c987bc14c
Opcode Fuzzy Hash: af2fdc16549afdd7053b4f93b146f0a5835cd97348ddc046397c92d47fcac9c4
Instruction Fuzzy Hash: 11C04C125D56302D39853255380BDEE025E8D56720B16007FFA40655D65C891D8186FF

Uniqueness

Uniqueness Score: -1.00%

Function 0040CA84 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 14COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 0040CA8B

Part of subcall function 0068A19C: __onexit.LIBCMT ref: 0068A1A2

Strings

/coFG/G7r2k4nLa9Dxqg8fU0knZm7yrvNwiVIi0fOHHHRYpsrlEn9pLmdUmi2V2ax5We/KjwIgUdBApyuqLiLzHQuSpGKKsvvmbXJY6BXU0DZ0hv3PoXXuLC+MQamS4I0UTPeHe+JWoyXXnADjlKlMEVFYr54w29k2l4idOBZWc37KX7Wg7qO6URKfvUjC9J3v3dkWFhmQgYHhipetPMnYHvFXsttKMs670QxpyOXwAWaGwLsGyC9ySXBFDOqTC0UoRg, xrefs: 0040CA85, 0040CA92

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: __onexit_strlen
String ID: /coFG/G7r2k4nLa9Dxqg8fU0knZm7yrvNwiVIi0fOHHHRYpsrlEn9pLmdUmi2V2ax5We/KjwIgUdBApyuqLiLzHQuSpGKKsvvmbXJY6BXU0DZ0hv3PoXXuLC+MQamS4I0UTPeHe+JWoyXXnADjlKlMEVFYr54w29k2l4idOBZWc37KX7Wg7qO6URKfvUjC9J3v3dkWFhmQgYHhipetPMnYHvFXsttKMs670QxpyOXwAWaGwLsGyC9ySXBFDOqTC0UoRg
API String ID: 4000879885-2292685684
Opcode ID: 6276a9d0b93414d90e90e31375a2c00142c6ef80445f8f85f060e4b95383e300
Instruction ID: 4ffc46775f5eb4f1bce176144216cd53af0bd79fecfd64caa3f21755272c7365
Opcode Fuzzy Hash: 6276a9d0b93414d90e90e31375a2c00142c6ef80445f8f85f060e4b95383e300
Instruction Fuzzy Hash: 9BC04C225957312D3D8573A57C07DEA124E8D56720B16017FB685655D25C882C8185FE

Uniqueness

Uniqueness Score: -1.00%

Function 0040AB17 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 14COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 0040AB1E

Part of subcall function 0068A19C: __onexit.LIBCMT ref: 0068A1A2

Strings

/coFG/G7r2k4nLa9Dxqg8fU0knZm7yrvNwiVIi0fOHHHRYpsrlEn9pLmdUmi2V2ax5We/KjwIgUdBApyuqLiLzHQuSpGKKsvvmbXJY6BXU0DZ0hv3PoXXuLC+MQamS4I0UTPeHe+JWoyXXnADjlKlMEVFYr54w29k2l4idOBZWc37KX7Wg7qO6URKfvUjC9J3v3dkWFhmQgYHhipetPMnYHvFXsttKMs670QxpyOXwAWaGwLsGyC9ySXBFDOqTC0UoRg, xrefs: 0040AB18, 0040AB1D, 0040AB25

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: __onexit_strlen
String ID: /coFG/G7r2k4nLa9Dxqg8fU0knZm7yrvNwiVIi0fOHHHRYpsrlEn9pLmdUmi2V2ax5We/KjwIgUdBApyuqLiLzHQuSpGKKsvvmbXJY6BXU0DZ0hv3PoXXuLC+MQamS4I0UTPeHe+JWoyXXnADjlKlMEVFYr54w29k2l4idOBZWc37KX7Wg7qO6URKfvUjC9J3v3dkWFhmQgYHhipetPMnYHvFXsttKMs670QxpyOXwAWaGwLsGyC9ySXBFDOqTC0UoRg
API String ID: 4000879885-2292685684
Opcode ID: a4c2e320fcbd13dd0b23e06fff12f430240279764f8e309c687d31aece20bfae
Instruction ID: ad4ebcbc0a8346865d7247a4bd0e6c99cbf8780e4a0df1b70d48cffb608485de
Opcode Fuzzy Hash: a4c2e320fcbd13dd0b23e06fff12f430240279764f8e309c687d31aece20bfae
Instruction Fuzzy Hash: E1C04C525957302D394533953907DEA024E8D5A721B1600BFF540655D25C892C8185FE

Uniqueness

Uniqueness Score: -1.00%

Function 00408F66 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 14COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 00408F6D

Part of subcall function 0068A19C: __onexit.LIBCMT ref: 0068A1A2

Strings

/coFG/G7r2k4nLa9Dxqg8fU0knZm7yrvNwiVIi0fOHHHRYpsrlEn9pLmdUmi2V2ax5We/KjwIgUdBApyuqLiLzHQuSpGKKsvvmbXJY6BXU0DZ0hv3PoXXuLC+MQamS4I0UTPeHe+JWoyXXnADjlKlMEVFYr54w29k2l4idOBZWc37KX7Wg7qO6URKfvUjC9J3v3dkWFhmQgYHhipetPMnYHvFXsttKMs670QxpyOXwAWaGwLsGyC9ySXBFDOqTC0UoRg, xrefs: 00408F67, 00408F74

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: __onexit_strlen
String ID: /coFG/G7r2k4nLa9Dxqg8fU0knZm7yrvNwiVIi0fOHHHRYpsrlEn9pLmdUmi2V2ax5We/KjwIgUdBApyuqLiLzHQuSpGKKsvvmbXJY6BXU0DZ0hv3PoXXuLC+MQamS4I0UTPeHe+JWoyXXnADjlKlMEVFYr54w29k2l4idOBZWc37KX7Wg7qO6URKfvUjC9J3v3dkWFhmQgYHhipetPMnYHvFXsttKMs670QxpyOXwAWaGwLsGyC9ySXBFDOqTC0UoRg
API String ID: 4000879885-2292685684
Opcode ID: 17ea888e38134683cdf63a39112437597a40c98a3643a50a7adb7154dbfdb726
Instruction ID: 25b6a108980f8320795cb07f9d76a86d19351f6e50c10c6e81196ad634ecde63
Opcode Fuzzy Hash: 17ea888e38134683cdf63a39112437597a40c98a3643a50a7adb7154dbfdb726
Instruction Fuzzy Hash: BDC04C125A56302E398532A53D07DEA025E8D56720B16016FF545696D25C892C8181FE

Uniqueness

Uniqueness Score: -1.00%

Function 004051D5 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 14COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 004051DC

Part of subcall function 0068A19C: __onexit.LIBCMT ref: 0068A1A2

Strings

/coFG/G7r2k4nLa9Dxqg8fU0knZm7yrvNwiVIi0fOHHHRYpsrlEn9pLmdUmi2V2ax5We/KjwIgUdBApyuqLiLzHQuSpGKKsvvmbXJY6BXU0DZ0hv3PoXXuLC+MQamS4I0UTPeHe+JWoyXXnADjlKlMEVFYr54w29k2l4idOBZWc37KX7Wg7qO6URKfvUjC9J3v3dkWFhmQgYHhipetPMnYHvFXsttKMs670QxpyOXwAWaGwLsGyC9ySXBFDOqTC0UoRg, xrefs: 004051D6, 004051DB, 004051E3

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: __onexit_strlen
String ID: /coFG/G7r2k4nLa9Dxqg8fU0knZm7yrvNwiVIi0fOHHHRYpsrlEn9pLmdUmi2V2ax5We/KjwIgUdBApyuqLiLzHQuSpGKKsvvmbXJY6BXU0DZ0hv3PoXXuLC+MQamS4I0UTPeHe+JWoyXXnADjlKlMEVFYr54w29k2l4idOBZWc37KX7Wg7qO6URKfvUjC9J3v3dkWFhmQgYHhipetPMnYHvFXsttKMs670QxpyOXwAWaGwLsGyC9ySXBFDOqTC0UoRg
API String ID: 4000879885-2292685684
Opcode ID: e59221f2f58c9023ab2180e1b6b846518b0009eb0d74b970a5a1cd132acaf600
Instruction ID: a72b6a1d3d66b53a737fe09d3f5f2c3c5e8c4145830486a641d466840165291e
Opcode Fuzzy Hash: e59221f2f58c9023ab2180e1b6b846518b0009eb0d74b970a5a1cd132acaf600
Instruction Fuzzy Hash: 44C04C129D56312E394532953807DEE024E9E56720B16006FF544655D35C891D8181FE

Uniqueness

Uniqueness Score: -1.00%

Function 0040D34F Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 14COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 0040D356

Part of subcall function 0068A19C: __onexit.LIBCMT ref: 0068A1A2

Strings

/coFG/G7r2k4nLa9Dxqg8fU0knZm7yrvNwiVIi0fOHHHRYpsrlEn9pLmdUmi2V2ax5We/KjwIgUdBApyuqLiLzHQuSpGKKsvvmbXJY6BXU0DZ0hv3PoXXuLC+MQamS4I0UTPeHe+JWoyXXnADjlKlMEVFYr54w29k2l4idOBZWc37KX7Wg7qO6URKfvUjC9J3v3dkWFhmQgYHhipetPMnYHvFXsttKMs670QxpyOXwAWaGwLsGyC9ySXBFDOqTC0UoRg, xrefs: 0040D350, 0040D35D

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: __onexit_strlen
String ID: /coFG/G7r2k4nLa9Dxqg8fU0knZm7yrvNwiVIi0fOHHHRYpsrlEn9pLmdUmi2V2ax5We/KjwIgUdBApyuqLiLzHQuSpGKKsvvmbXJY6BXU0DZ0hv3PoXXuLC+MQamS4I0UTPeHe+JWoyXXnADjlKlMEVFYr54w29k2l4idOBZWc37KX7Wg7qO6URKfvUjC9J3v3dkWFhmQgYHhipetPMnYHvFXsttKMs670QxpyOXwAWaGwLsGyC9ySXBFDOqTC0UoRg
API String ID: 4000879885-2292685684
Opcode ID: c0291116a35615347779e152e232d7410a41ec378949e879e0fb3c164c20797a
Instruction ID: 788e81043146d34a204da95c6aaf527042f0c320375d9e9c5808827149d451a4
Opcode Fuzzy Hash: c0291116a35615347779e152e232d7410a41ec378949e879e0fb3c164c20797a
Instruction Fuzzy Hash: 08C04C125956302D394533A53C07DEA128E8D56724B16107FB945655D25C981D8181FE

Uniqueness

Uniqueness Score: -1.00%

Function 0040B3E2 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 14COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 0040B3E9

Part of subcall function 0068A19C: __onexit.LIBCMT ref: 0068A1A2

Strings

/coFG/G7r2k4nLa9Dxqg8fU0knZm7yrvNwiVIi0fOHHHRYpsrlEn9pLmdUmi2V2ax5We/KjwIgUdBApyuqLiLzHQuSpGKKsvvmbXJY6BXU0DZ0hv3PoXXuLC+MQamS4I0UTPeHe+JWoyXXnADjlKlMEVFYr54w29k2l4idOBZWc37KX7Wg7qO6URKfvUjC9J3v3dkWFhmQgYHhipetPMnYHvFXsttKMs670QxpyOXwAWaGwLsGyC9ySXBFDOqTC0UoRg, xrefs: 0040B3E3, 0040B3F0

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: __onexit_strlen
String ID: /coFG/G7r2k4nLa9Dxqg8fU0knZm7yrvNwiVIi0fOHHHRYpsrlEn9pLmdUmi2V2ax5We/KjwIgUdBApyuqLiLzHQuSpGKKsvvmbXJY6BXU0DZ0hv3PoXXuLC+MQamS4I0UTPeHe+JWoyXXnADjlKlMEVFYr54w29k2l4idOBZWc37KX7Wg7qO6URKfvUjC9J3v3dkWFhmQgYHhipetPMnYHvFXsttKMs670QxpyOXwAWaGwLsGyC9ySXBFDOqTC0UoRg
API String ID: 4000879885-2292685684
Opcode ID: f7016eaf5d46032af08ac5e73edf201fb02a8c09319702655e35e9505bc4417b
Instruction ID: 9ea7e63911cbe7384143c5be40584d122255df295a60662729e35affd5050ccb
Opcode Fuzzy Hash: f7016eaf5d46032af08ac5e73edf201fb02a8c09319702655e35e9505bc4417b
Instruction Fuzzy Hash: 99C04C525956302D398533553807DEA125E8D96720B16006FF544656D65D891C8185FE

Uniqueness

Uniqueness Score: -1.00%

Function 00403451 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 14COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 00403458

Part of subcall function 0068A19C: __onexit.LIBCMT ref: 0068A1A2

Strings

/coFG/G7r2k4nLa9Dxqg8fU0knZm7yrvNwiVIi0fOHHHRYpsrlEn9pLmdUmi2V2ax5We/KjwIgUdBApyuqLiLzHQuSpGKKsvvmbXJY6BXU0DZ0hv3PoXXuLC+MQamS4I0UTPeHe+JWoyXXnADjlKlMEVFYr54w29k2l4idOBZWc37KX7Wg7qO6URKfvUjC9J3v3dkWFhmQgYHhipetPMnYHvFXsttKMs670QxpyOXwAWaGwLsGyC9ySXBFDOqTC0UoRg, xrefs: 00403452, 00403457, 0040345F

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: __onexit_strlen
String ID: /coFG/G7r2k4nLa9Dxqg8fU0knZm7yrvNwiVIi0fOHHHRYpsrlEn9pLmdUmi2V2ax5We/KjwIgUdBApyuqLiLzHQuSpGKKsvvmbXJY6BXU0DZ0hv3PoXXuLC+MQamS4I0UTPeHe+JWoyXXnADjlKlMEVFYr54w29k2l4idOBZWc37KX7Wg7qO6URKfvUjC9J3v3dkWFhmQgYHhipetPMnYHvFXsttKMs670QxpyOXwAWaGwLsGyC9ySXBFDOqTC0UoRg
API String ID: 4000879885-2292685684
Opcode ID: a88873883395326aecf144e36c4cb31f922a35a7bf53c3a45d6b3de9eaff6cea
Instruction ID: e4219eabbc0be6cdcb4523690851dbfc945d72fc796d06143663a067f437321e
Opcode Fuzzy Hash: a88873883395326aecf144e36c4cb31f922a35a7bf53c3a45d6b3de9eaff6cea
Instruction Fuzzy Hash: 6FC04C1659663029395532593C17DEE024E8D56720B56007FF540A65D35E891C8182FE

Uniqueness

Uniqueness Score: -1.00%

Function 0040180D Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 14COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 00401814

Part of subcall function 0068A19C: __onexit.LIBCMT ref: 0068A1A2

Strings

/coFG/G7r2k4nLa9Dxqg8fU0knZm7yrvNwiVIi0fOHHHRYpsrlEn9pLmdUmi2V2ax5We/KjwIgUdBApyuqLiLzHQuSpGKKsvvmbXJY6BXU0DZ0hv3PoXXuLC+MQamS4I0UTPeHe+JWoyXXnADjlKlMEVFYr54w29k2l4idOBZWc37KX7Wg7qO6URKfvUjC9J3v3dkWFhmQgYHhipetPMnYHvFXsttKMs670QxpyOXwAWaGwLsGyC9ySXBFDOqTC0UoRg, xrefs: 0040180E, 00401813, 0040181B

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: __onexit_strlen
String ID: /coFG/G7r2k4nLa9Dxqg8fU0knZm7yrvNwiVIi0fOHHHRYpsrlEn9pLmdUmi2V2ax5We/KjwIgUdBApyuqLiLzHQuSpGKKsvvmbXJY6BXU0DZ0hv3PoXXuLC+MQamS4I0UTPeHe+JWoyXXnADjlKlMEVFYr54w29k2l4idOBZWc37KX7Wg7qO6URKfvUjC9J3v3dkWFhmQgYHhipetPMnYHvFXsttKMs670QxpyOXwAWaGwLsGyC9ySXBFDOqTC0UoRg
API String ID: 4000879885-2292685684
Opcode ID: 146ca6217d18466d58299d053ba01ef84f1d277f9c12c16192551382db982e26
Instruction ID: fd182bead98460bf8a69c0a98c1d47d876b4f272ad37733376e36c40a964e083
Opcode Fuzzy Hash: 146ca6217d18466d58299d053ba01ef84f1d277f9c12c16192551382db982e26
Instruction Fuzzy Hash: C3C04C525996302D3D4533657817DEA029E9D5A720B16007FF545A65D25C881C8192FE

Uniqueness

Uniqueness Score: -1.00%

Function 00409981 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 14COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 00409988

Part of subcall function 0068A19C: __onexit.LIBCMT ref: 0068A1A2

Strings

/coFG/G7r2k4nLa9Dxqg8fU0knZm7yrvNwiVIi0fOHHHRYpsrlEn9pLmdUmi2V2ax5We/KjwIgUdBApyuqLiLzHQuSpGKKsvvmbXJY6BXU0DZ0hv3PoXXuLC+MQamS4I0UTPeHe+JWoyXXnADjlKlMEVFYr54w29k2l4idOBZWc37KX7Wg7qO6URKfvUjC9J3v3dkWFhmQgYHhipetPMnYHvFXsttKMs670QxpyOXwAWaGwLsGyC9ySXBFDOqTC0UoRg, xrefs: 00409982, 0040998F

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: __onexit_strlen
String ID: /coFG/G7r2k4nLa9Dxqg8fU0knZm7yrvNwiVIi0fOHHHRYpsrlEn9pLmdUmi2V2ax5We/KjwIgUdBApyuqLiLzHQuSpGKKsvvmbXJY6BXU0DZ0hv3PoXXuLC+MQamS4I0UTPeHe+JWoyXXnADjlKlMEVFYr54w29k2l4idOBZWc37KX7Wg7qO6URKfvUjC9J3v3dkWFhmQgYHhipetPMnYHvFXsttKMs670QxpyOXwAWaGwLsGyC9ySXBFDOqTC0UoRg
API String ID: 4000879885-2292685684
Opcode ID: 9ecb975c5901ed6d7a556b7a49eb38af3c4b6887b0a968287d8374e01d3ee505
Instruction ID: 1b29e55c750c172269f35e3fd5b5890a0a68579d4ef95ad94b1982a3a30d14aa
Opcode Fuzzy Hash: 9ecb975c5901ed6d7a556b7a49eb38af3c4b6887b0a968287d8374e01d3ee505
Instruction Fuzzy Hash: 3FC04C12599A702D395532553817DEE024E8D57B20B56007FF650A55D25C891C8181FE

Uniqueness

Uniqueness Score: -1.00%

Function 0040BF4F Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 14COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 0040BF56

Part of subcall function 0068A19C: __onexit.LIBCMT ref: 0068A1A2

Strings

/coFG/G7r2k4nLa9Dxqg8fU0knZm7yrvNwiVIi0fOHHHRYpsrlEn9pLmdUmi2V2ax5We/KjwIgUdBApyuqLiLzHQuSpGKKsvvmbXJY6BXU0DZ0hv3PoXXuLC+MQamS4I0UTPeHe+JWoyXXnADjlKlMEVFYr54w29k2l4idOBZWc37KX7Wg7qO6URKfvUjC9J3v3dkWFhmQgYHhipetPMnYHvFXsttKMs670QxpyOXwAWaGwLsGyC9ySXBFDOqTC0UoRg, xrefs: 0040BF50, 0040BF5D

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: __onexit_strlen
String ID: /coFG/G7r2k4nLa9Dxqg8fU0knZm7yrvNwiVIi0fOHHHRYpsrlEn9pLmdUmi2V2ax5We/KjwIgUdBApyuqLiLzHQuSpGKKsvvmbXJY6BXU0DZ0hv3PoXXuLC+MQamS4I0UTPeHe+JWoyXXnADjlKlMEVFYr54w29k2l4idOBZWc37KX7Wg7qO6URKfvUjC9J3v3dkWFhmQgYHhipetPMnYHvFXsttKMs670QxpyOXwAWaGwLsGyC9ySXBFDOqTC0UoRg
API String ID: 4000879885-2292685684
Opcode ID: f43ebf07d7d21ca5baaa8e30ca0dc65b2f0e69079912c4b405532adc23352d62
Instruction ID: 3436170ea041aa1e5de0fee85609c1d8a8328f22e981a0665eda8f3eee515125
Opcode Fuzzy Hash: f43ebf07d7d21ca5baaa8e30ca0dc65b2f0e69079912c4b405532adc23352d62
Instruction Fuzzy Hash: 74C04C22999A302D3D4533A97C07DEA028E8D56730B16017FB541656D65D882C8185FE

Uniqueness

Uniqueness Score: -1.00%

Function 00403F53 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 14COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 00403F5A

Part of subcall function 0068A19C: __onexit.LIBCMT ref: 0068A1A2

Strings

/coFG/G7r2k4nLa9Dxqg8fU0knZm7yrvNwiVIi0fOHHHRYpsrlEn9pLmdUmi2V2ax5We/KjwIgUdBApyuqLiLzHQuSpGKKsvvmbXJY6BXU0DZ0hv3PoXXuLC+MQamS4I0UTPeHe+JWoyXXnADjlKlMEVFYr54w29k2l4idOBZWc37KX7Wg7qO6URKfvUjC9J3v3dkWFhmQgYHhipetPMnYHvFXsttKMs670QxpyOXwAWaGwLsGyC9ySXBFDOqTC0UoRg, xrefs: 00403F54, 00403F59, 00403F61

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: __onexit_strlen
String ID: /coFG/G7r2k4nLa9Dxqg8fU0knZm7yrvNwiVIi0fOHHHRYpsrlEn9pLmdUmi2V2ax5We/KjwIgUdBApyuqLiLzHQuSpGKKsvvmbXJY6BXU0DZ0hv3PoXXuLC+MQamS4I0UTPeHe+JWoyXXnADjlKlMEVFYr54w29k2l4idOBZWc37KX7Wg7qO6URKfvUjC9J3v3dkWFhmQgYHhipetPMnYHvFXsttKMs670QxpyOXwAWaGwLsGyC9ySXBFDOqTC0UoRg
API String ID: 4000879885-2292685684
Opcode ID: ff27ec75a051114188215cfe400a4cbaf0c78fa13b69bb3fe721d448436fddd1
Instruction ID: c9f98c8cbfcdd9fab2be9cf57d1fce3192d82ac0d695ce3633eb1dbab1b9471e
Opcode Fuzzy Hash: ff27ec75a051114188215cfe400a4cbaf0c78fa13b69bb3fe721d448436fddd1
Instruction Fuzzy Hash: D2C04C125956302D399532993C07DEE024E9D56720B56016FF544655D25C891C81C1FE

Uniqueness

Uniqueness Score: -1.00%

Function 0041CECB Relevance: 3.1, APIs: 2, Instructions: 66COMMON

Download Yara Rule

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041CF30
__Thrd_sleep.LIBCPMT ref: 0041CF5E

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: Thrd_sleepUnothrow_t@std@@@__ehfuncinfo$??2@
String ID:
API String ID: 2189147043-0
Opcode ID: 6ef084d886536efa36fb08816f2cde13a72646d32545107b0f6acc4ccb184032
Instruction ID: a5553f93fda0dbafcf3dd2cc12bc55a76eae7f1fe9668aa702ce21b3fda4d9d8
Opcode Fuzzy Hash: 6ef084d886536efa36fb08816f2cde13a72646d32545107b0f6acc4ccb184032
Instruction Fuzzy Hash: EC1157325043109BD310EF698C81B57BFE9EFC9754F08462EB908BA151E6749980878A

Uniqueness

Uniqueness Score: -1.00%

Function 004255F7 Relevance: 3.1, APIs: 2, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: CriticalSection$CompletionEnterH_prologLeavePostQueuedStatus
String ID:
API String ID: 3890610498-0
Opcode ID: 8f4fab0dbd3d0f3dd64605a743e94dc0990d926ea59712ec9a4684316ceaeb30
Instruction ID: 491d5e8be5114f4b240bc796e7f9e851366441774ff87c07463e96f67409059d
Opcode Fuzzy Hash: 8f4fab0dbd3d0f3dd64605a743e94dc0990d926ea59712ec9a4684316ceaeb30
Instruction Fuzzy Hash: 8A11E171300519BBDB218E54EC4AFAA7B65EF14324FD04106FA19862E0C77CDC61DB98

Uniqueness

Uniqueness Score: -1.00%

Function 004219C9 Relevance: 3.0, APIs: 2, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004219CE
new.LIBCMT ref: 004219EB

Part of subcall function 00421976: __EH_prolog.LIBCMT ref: 0042197B
Part of subcall function 00421976: __Getctype.LIBCPMT ref: 004219A1

Part of subcall function 00421059: std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 00421081
Part of subcall function 00421059: std::_Lockit::~_Lockit.LIBCPMT ref: 0042110D

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prologstd::_$GetctypeLocinfo::_Locinfo_dtorLockitLockit::~_
String ID:
API String ID: 4122330132-0
Opcode ID: b1b090d675cc00cb21eca32efbf5c1ae8e7c5696a35b0b42d348e107ef4bd08d
Instruction ID: fbde2bd1481ce7c7b2cb5b6156cb7aef1863e66f145bda6bb614e2272a6a618c
Opcode Fuzzy Hash: b1b090d675cc00cb21eca32efbf5c1ae8e7c5696a35b0b42d348e107ef4bd08d
Instruction Fuzzy Hash: 3201C4B1A00229ABCB10EFA9E8817DEFB75FF64320F60422FE419A7291D7740A00C794

Uniqueness

Uniqueness Score: -1.00%

Function 00414D9D Relevance: 3.0, APIs: 2, Instructions: 47COMMON

Download Yara Rule

APIs

CreateIoCompletionPort.KERNELBASE(?,?,00000000,00000000), ref: 00414DB0
GetLastError.KERNEL32 ref: 00414DBA

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: CompletionCreateErrorLastPort
String ID:
API String ID: 826170474-0
Opcode ID: 0395236f40c99d132699d23732010481dfda0b7b115359d0289d3860ae94fd5e
Instruction ID: 3ef129dfe6b8358e7d9be018ffa25797f26216bf5c787367d69216dd716af2eb
Opcode Fuzzy Hash: 0395236f40c99d132699d23732010481dfda0b7b115359d0289d3860ae94fd5e
Instruction Fuzzy Hash: B8016771A0060CAF8B11DFA9988059FBBA6EE45394714807AFC05E7211D6758E068BA1

Uniqueness

Uniqueness Score: -1.00%

Function 005CD610 Relevance: 3.0, APIs: 2, Instructions: 41threadCOMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?,?,?,?,?,?,00000000,004B1F18), ref: 005CD651
ResumeThread.KERNELBASE(?,?,?,?,?,?,00000000,004B1F18), ref: 005CD65F

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: CloseHandleResumeThread
String ID:
API String ID: 3265327148-0
Opcode ID: 587545f191535425762d6d28ab2e1c6b4122220effc7f384eebce6fc1042a334
Instruction ID: f0b4d82a862ce52bc9d00719d9f04750367e6593c9f3305768fec72d78e3c51c
Opcode Fuzzy Hash: 587545f191535425762d6d28ab2e1c6b4122220effc7f384eebce6fc1042a334
Instruction Fuzzy Hash: FFF04F712002019FDB109F99DCC5F56B7B8BF44325B14006AF919CB2A1E7B0A8D2DA64

Uniqueness

Uniqueness Score: -1.00%

Function 00415A23 Relevance: 3.0, APIs: 2, Instructions: 38networkCOMMON

Download Yara Rule

APIs

WSASocketW.WS2_32(?,?,?,00000000,00000000,00000001), ref: 00415A36
setsockopt.WS2_32(00000000,00000029,0000001B,00000000,00000004), ref: 00415A69

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: Socketsetsockopt
String ID:
API String ID: 4073417641-0
Opcode ID: 3b90072e8cb81b3ca05c6826c9d39db1d776a69f4c37158aedfab5e15434e4a0
Instruction ID: 663e49da4d4856ef2d3da6e005abff95531b9732195f4b7834f121d04bb2196b
Opcode Fuzzy Hash: 3b90072e8cb81b3ca05c6826c9d39db1d776a69f4c37158aedfab5e15434e4a0
Instruction Fuzzy Hash: 57F0B43A690218BBE63056188C8AFEE7659CB89B70F104316FE21A62C096F45D414195

Uniqueness

Uniqueness Score: -1.00%

Function 0040F48D Relevance: 3.0, APIs: 2, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f9d6a7a2a6c329b8c658a31af58da615f691074d5fde15becd13cb46ea05feb
Instruction ID: 3225706cb2ef8621140827d6974cb5288cc4a64a16b81056c02bd44edeb2d36d
Opcode Fuzzy Hash: 5f9d6a7a2a6c329b8c658a31af58da615f691074d5fde15becd13cb46ea05feb
Instruction Fuzzy Hash: 1BF0E2712142055ACB2CDB78985567B3B469F64324B208B3FFD2ADA9C0D739DD88830C

Uniqueness

Uniqueness Score: -1.00%

Function 00413F49 Relevance: 3.0, APIs: 2, Instructions: 28COMMON

Download Yara Rule

APIs

__Thrd_start.LIBCPMT ref: 00413F58

Part of subcall function 00582E5D: std::_Throw_Cpp_error.LIBCPMT ref: 00582E84

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: Cpp_errorThrd_startThrow_std::_
String ID:
API String ID: 1816819587-0
Opcode ID: 482491daaff7d305f77c0e5da6f056b282fd6e02cfe2d2002e2a29a61db142d5
Instruction ID: 001f3e7be6932ec7b589c578a32a9158c350cf8eb1f041a732ff9f2af810380e
Opcode Fuzzy Hash: 482491daaff7d305f77c0e5da6f056b282fd6e02cfe2d2002e2a29a61db142d5
Instruction Fuzzy Hash: E5E0D8319582117AEF1D2A259C07DE77E989F00B21B10847FF84A50461E95AEED24648

Uniqueness

Uniqueness Score: -1.00%

Function 0041F2A2 Relevance: 3.0, APIs: 2, Instructions: 18COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0041F2A7
new.LIBCMT ref: 0041F2B0

Part of subcall function 0041F2D9: __EH_prolog.LIBCMT ref: 0041F2DE

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 6ebccf465f2068dae9db6c70872b754fe6c16c801c080b51acb93c81b5b83211
Instruction ID: 65a7a105255d853fcf43c732abe7d01ce016bef1e48f124c7a29f914fb7d0582
Opcode Fuzzy Hash: 6ebccf465f2068dae9db6c70872b754fe6c16c801c080b51acb93c81b5b83211
Instruction Fuzzy Hash: 14E0C270A40208ABDF18EFA8D8067BEBFB2EF40320F0083ADB815562C2DB790F408754

Uniqueness

Uniqueness Score: -1.00%

Function 00416319 Relevance: 1.6, APIs: 1, Instructions: 86COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0041631E

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: a7c11de10b17c89fc47b0469581b3710ff41b2bdb42303edd2173ccc73ffcf01
Instruction ID: bc131b28d82ea61ad7cf9e497848dc32f686f21abaa468e28f58667315e49527
Opcode Fuzzy Hash: a7c11de10b17c89fc47b0469581b3710ff41b2bdb42303edd2173ccc73ffcf01
Instruction Fuzzy Hash: D9319C3290450D9BCF10DF68C4416EEBBB1AF45324F11820EFC796B291C779AA96DBA4

Uniqueness

Uniqueness Score: -1.00%

Function 004121EC Relevance: 1.6, APIs: 1, Instructions: 80COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004121F1

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: f437b480993a3a4e36c19eed63c538f59a40f24988aa4aaa849d257e00facecb
Instruction ID: 106f691d2cd4d388acc72c086b2a8801f6c7c68005dff5bca8a06f5e902c6d40
Opcode Fuzzy Hash: f437b480993a3a4e36c19eed63c538f59a40f24988aa4aaa849d257e00facecb
Instruction Fuzzy Hash: DE213771E042049BDB24CFA8DA407EEB7B1EF44720F10066EE821A73C0C3B46995C799

Uniqueness

Uniqueness Score: -1.00%

Function 0041EC3F Relevance: 1.6, APIs: 1, Instructions: 79COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0041EC44

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 880b6969641372ef97a1c37eb609abc5c85798ce273f4fe36591dd4312caa178
Instruction ID: 54ad5f8fa5d8eb183162b415b7c6747980d5435cbff71c2e7f2fa9c717b49fd3
Opcode Fuzzy Hash: 880b6969641372ef97a1c37eb609abc5c85798ce273f4fe36591dd4312caa178
Instruction Fuzzy Hash: E3310FB1905208DFCB14DFA9C5859DEBBF8FF08320F20826EE559E7291D7349A44CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 0041E7DC Relevance: 1.6, APIs: 1, Instructions: 73COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0041E7E1

Part of subcall function 0041EC3F: __EH_prolog.LIBCMT ref: 0041EC44

Part of subcall function 0041B39F: __EH_prolog.LIBCMT ref: 0041B3A4

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 69d80c1fab76551441c165aa58aeb84fe836f82ef7023ae4cb88200c85a04a33
Instruction ID: 7e035398976a704261069b36eb36525f1a1acefc23991192ddd41c782832667d
Opcode Fuzzy Hash: 69d80c1fab76551441c165aa58aeb84fe836f82ef7023ae4cb88200c85a04a33
Instruction Fuzzy Hash: CF316B71A00748DFDB24EF76C445BEEBBA5EF44314F00881EE5AA87281DB782A45CB55

Uniqueness

Uniqueness Score: -1.00%

Function 00415A77 Relevance: 1.6, APIs: 1, Instructions: 59COMMON

Download Yara Rule

APIs

setsockopt.WS2_32(?,0000FFFF,?,?,00000004), ref: 00415B03

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: setsockopt
String ID:
API String ID: 3981526788-0
Opcode ID: 229b2676438b68199630548ea13f135a547bc85ac154036ae7c02f03ae255c6f
Instruction ID: ee03ee346e80de96060b2f7dc48de22909011d28722b388b5a7a22666c16ff3a
Opcode Fuzzy Hash: 229b2676438b68199630548ea13f135a547bc85ac154036ae7c02f03ae255c6f
Instruction Fuzzy Hash: B011EF31644A17DBCF218E54C8806EB7B60AF853A1F108327F9689B2C0C778ECD187CA

Uniqueness

Uniqueness Score: -1.00%

Function 004145F9 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(?,?,?,00000000,006BAEF1,000000FF,?,Service already exists.), ref: 00414659

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: CriticalDeleteSection
String ID:
API String ID: 166494926-0
Opcode ID: 1b74082bdb999b1137e2f235ce039dea415c4248285a52e984468e3686f9d612
Instruction ID: c205b92e4670c4d4a9239502f0aa17f7a91c955e2e12e1d5caf8899e845fa433
Opcode Fuzzy Hash: 1b74082bdb999b1137e2f235ce039dea415c4248285a52e984468e3686f9d612
Instruction Fuzzy Hash: E511CE32600B10DFC724CF08D844B9AB7A4EF4AB20F15025EE91597780CB38AC418B88

Uniqueness

Uniqueness Score: -1.00%

Function 004158E1 Relevance: 1.5, APIs: 1, Instructions: 49networkCOMMON

Download Yara Rule

APIs

WSASend.WS2_32(?,?,?,?,00000000,00000000,00000000), ref: 004158F9

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: Send
String ID:
API String ID: 121738739-0
Opcode ID: 844c422e5eb378a7e0d29b4a214563c5546f25862673e465dbfc040dc78f2f9b
Instruction ID: 9da11206683b960042a778e75a57ea9168890d1a14d1c1e5e2c37e50e1839dcd
Opcode Fuzzy Hash: 844c422e5eb378a7e0d29b4a214563c5546f25862673e465dbfc040dc78f2f9b
Instruction Fuzzy Hash: 69012FF0A00208FFDB209F61C8808EAB76CEB84374B10022BF80593380C738AD508796

Uniqueness

Uniqueness Score: -1.00%

Function 004AC8DD Relevance: 1.5, APIs: 1, Instructions: 40COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004AC8E2

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: f42449693ef1a47b6df4a5e2534d95c0e25e22352c546430f63f561eba1047ef
Instruction ID: c14727fb24beb689e6f6779a32a4015c6038887e017dff5ea0652d04006fa9ed
Opcode Fuzzy Hash: f42449693ef1a47b6df4a5e2534d95c0e25e22352c546430f63f561eba1047ef
Instruction Fuzzy Hash: F8115771A01249CFCB61DF58C904B9ABBF5FF08314F1085AEE8988B351D3B19A40CB80

Uniqueness

Uniqueness Score: -1.00%

Function 006A06C2 Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,006A9F0D,00000001,00000364,?,00694D4A,00787350,00000010), ref: 006A0703

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 3c23660a21ad2e462de00a57121c1483a83682750325c3113940d13b4d1180a9
Instruction ID: 7e934bd5066ccc049f0f0c22338a0c4756a715c0b7e1c58434b19cc306e23a6d
Opcode Fuzzy Hash: 3c23660a21ad2e462de00a57121c1483a83682750325c3113940d13b4d1180a9
Instruction Fuzzy Hash: BDF0E931248624A7FF21BE619C05B9B375FAF837B0F145111F8099A690CA31EC118EE5

Uniqueness

Uniqueness Score: -1.00%

Function 0041CF6B Relevance: 1.5, APIs: 1, Instructions: 39COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0041CF70

Part of subcall function 0041EE30: __EH_prolog.LIBCMT ref: 0041EE35

Part of subcall function 0041E7DC: __EH_prolog.LIBCMT ref: 0041E7E1

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: d41f1522d6369eec75bdb53f6a55bbd161640743663369d0d822af88bb528957
Instruction ID: 1cbb4bd097007db9c2494b7392ff96814d6381db4e84be9cf20203a5681cf52e
Opcode Fuzzy Hash: d41f1522d6369eec75bdb53f6a55bbd161640743663369d0d822af88bb528957
Instruction Fuzzy Hash: C0017C71A01108EFCB04EFA9C905AEEFBB9FF54314F10415EE805A7291CB749A41CB91

Uniqueness

Uniqueness Score: -1.00%

Function 00411BC8 Relevance: 1.5, APIs: 1, Instructions: 37COMMONLIBRARYCODE

Download Yara Rule

APIs

std::_Deallocate.LIBCONCRT ref: 00411BF8

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: Deallocatestd::_
String ID:
API String ID: 1323251999-0
Opcode ID: a09d8e6614e738c7becca969bd72899a6773e9be4a855900a5f4ff7d8c32c2b1
Instruction ID: fbdd84b15743c9219d8a27b68931acf2a1371eda055d287936f063f92b30fc3d
Opcode Fuzzy Hash: a09d8e6614e738c7becca969bd72899a6773e9be4a855900a5f4ff7d8c32c2b1
Instruction Fuzzy Hash: 49F0F6754007009AD7308F08A940B53F7ECEF85714F14092EEA8513611D375F98487E9

Uniqueness

Uniqueness Score: -1.00%

Function 0041B39F Relevance: 1.5, APIs: 1, Instructions: 36COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0041B3A4

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 7e26deef796c43126ed51a1ca2e52b3206a359ae88f02c4dd00738d47b6216a6
Instruction ID: 654992942dd4846e25231714a87aaac56a84a338c220e369bb60f0fbff998924
Opcode Fuzzy Hash: 7e26deef796c43126ed51a1ca2e52b3206a359ae88f02c4dd00738d47b6216a6
Instruction Fuzzy Hash: DBF06DF1D15219ABC7109F59C98199BFFBDFF58760B10821BB81893241D7B15E20CBE0

Uniqueness

Uniqueness Score: -1.00%

Function 006A108E Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,00000003,00000003,?,006AAD9E,00001000,00000000,?,?,?,006A082B,00000000,00000000,00000000,?,?), ref: 006A10C0

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 6b22095144da70cbec31f193c9388207d853bd3e62e9af16367f76d79eb0748f
Instruction ID: 057aafb766249f32bd5b599ce166dd7925d9ac491e62c583bfb90a4e987c2369
Opcode Fuzzy Hash: 6b22095144da70cbec31f193c9388207d853bd3e62e9af16367f76d79eb0748f
Instruction Fuzzy Hash: 31E030251452A196EA7136659D04B9B3A9B9F433F0F150110A8459F292DE64AC818EB6

Uniqueness

Uniqueness Score: -1.00%

Function 004AF07A Relevance: 1.5, APIs: 1, Instructions: 30COMMON

Download Yara Rule

APIs

Part of subcall function 004227D5: new.LIBCMT ref: 0042280B
Part of subcall function 004227D5: std::locale::_Init.LIBCPMT ref: 00422815

Part of subcall function 004AFD21: __EH_prolog.LIBCMT ref: 004AFD26

std::ios_base::_Addstd.LIBCPMT ref: 004AF0B9

Part of subcall function 004226AE: __EH_prolog.LIBCMT ref: 004226B3
Part of subcall function 004226AE: __CxxThrowException@8.LIBVCRUNTIME ref: 004226D9

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog$AddstdException@8InitThrowstd::ios_base::_std::locale::_
String ID:
API String ID: 2564750599-0
Opcode ID: 3d901c01a1426a53dd42f28859e6fb9d9d7944a74d665e030c051e79394bef60
Instruction ID: 7018a0c775b5a882920073ae86af83c4afe5ed78168e96d6e9dcefd3a99bd23a
Opcode Fuzzy Hash: 3d901c01a1426a53dd42f28859e6fb9d9d7944a74d665e030c051e79394bef60
Instruction Fuzzy Hash: B2F0EC326043146BE734A6B59449B5B7BD4AF11334F00441FF48257A82DAF9F4448B95

Uniqueness

Uniqueness Score: -1.00%

Function 004AFD21 Relevance: 1.5, APIs: 1, Instructions: 26COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004AFD26

Part of subcall function 00422763: __EH_prolog.LIBCMT ref: 00422768

Part of subcall function 004B02E0: __EH_prolog.LIBCMT ref: 004B02E5
Part of subcall function 004B02E0: std::_Lockit::_Lockit.LIBCPMT ref: 004B02F4
Part of subcall function 004B02E0: std::locale::_Getfacet.LIBCPMT ref: 004B0314
Part of subcall function 004B02E0: std::_Lockit::~_Lockit.LIBCPMT ref: 004B036E

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog$Lockitstd::_$GetfacetLockit::_Lockit::~_std::locale::_
String ID:
API String ID: 3055501177-0
Opcode ID: c1d3582962254c774d239df827e698910983ea97e75e998fbf88abde84892987
Instruction ID: ca78f803e55544c0ed65db2b3ac897056a71d1f714b11054642c2cd8e851af7c
Opcode Fuzzy Hash: c1d3582962254c774d239df827e698910983ea97e75e998fbf88abde84892987
Instruction Fuzzy Hash: 1FE06CB1900118EBCB18EFA4D94AAEEB779EF54311F10425EF415A3192D7345E01C6B8

Uniqueness

Uniqueness Score: -1.00%

Function 0041569D Relevance: 1.5, APIs: 1, Instructions: 24networkCOMMON

Download Yara Rule

APIs

connect.WS2_32(?,?,?), ref: 004156BD

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: connect
String ID:
API String ID: 1959786783-0
Opcode ID: f08251cb2a754f7f2434fc7b6e2151aa4a8a2ff67c4da2180d2909c61758b2f6
Instruction ID: 94b5bfe2314bff8fdf9ce2e0ce22ba35234059b5c56646d24ec5b8d3069aba9e
Opcode Fuzzy Hash: f08251cb2a754f7f2434fc7b6e2151aa4a8a2ff67c4da2180d2909c61758b2f6
Instruction Fuzzy Hash: 89E08631601914678A1066B86C518E9775A8F80B79B04C716BE3D4B7D0CA35DC9096D4

Uniqueness

Uniqueness Score: -1.00%

Function 00434FEC Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00434FF1

Part of subcall function 0041369B: __EH_prolog.LIBCMT ref: 004136A0

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: d886ce0dca7cabb51cc6dc78e2b46fa8716ba0fa1f3bf03dbec5e83667a22732
Instruction ID: a6a17074417603aca11d58167767c08cca39a4181a89d4965a13cf8e3d3d3d66
Opcode Fuzzy Hash: d886ce0dca7cabb51cc6dc78e2b46fa8716ba0fa1f3bf03dbec5e83667a22732
Instruction Fuzzy Hash: 09F030B0C1025899CB10EFE9D8452EEBEB8AF19744F10500FF404B3251D7B80745CBE9

Uniqueness

Uniqueness Score: -1.00%

Function 0041EB4D Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0041EB52

Part of subcall function 00413F8D: std::_Cnd_initX.LIBCPMT ref: 00413F93
Part of subcall function 00413F8D: __Cnd_signal.LIBCPMT ref: 00413F9F
Part of subcall function 00413F8D: std::_Cnd_initX.LIBCPMT ref: 00413FB4

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: Cnd_initstd::_$Cnd_signalH_prolog
String ID:
API String ID: 3262714529-0
Opcode ID: 4c40e73f0aaf95d7acdd14b120c88f9a9f93be81a4d81b41f757aeb24bf6ab4e
Instruction ID: 6ec64e20ddbb1a917344458e8d6a88660199dbb73029c05b273ebe62639c58e9
Opcode Fuzzy Hash: 4c40e73f0aaf95d7acdd14b120c88f9a9f93be81a4d81b41f757aeb24bf6ab4e
Instruction Fuzzy Hash: 96E01271955214DBDB18AF9494067DDB7B4EF04335F20078EF494662C2CB7556028799

Uniqueness

Uniqueness Score: -1.00%

Function 004107B6 Relevance: 1.5, APIs: 1, Instructions: 19networkCOMMON

Download Yara Rule

APIs

WSAStartup.WS2_32(00000002,00000002), ref: 004107D9

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: Startup
String ID:
API String ID: 724789610-0
Opcode ID: f12ed0640048525d821b22233eadc94aaa0895087cee4c8538a79ba317e0a674
Instruction ID: e110cca691539e17059a820ccb334c71c76e8421bb90a4e7a02472f114fcb635
Opcode Fuzzy Hash: f12ed0640048525d821b22233eadc94aaa0895087cee4c8538a79ba317e0a674
Instruction Fuzzy Hash: 02D02B309252144FC710E6385C06575739EE707331F200335DC76C11C0F90858114AC5

Uniqueness

Uniqueness Score: -1.00%

Function 00411B0E Relevance: 1.5, APIs: 1, Instructions: 17COMMON

Download Yara Rule

APIs

std::_Deallocate.LIBCONCRT ref: 00411B20

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: Deallocatestd::_
String ID:
API String ID: 1323251999-0
Opcode ID: 4240533d9f262ce9e2afb649e3049b21eef5bca52de13571118af7fd312099d0
Instruction ID: a5bb6f8230b63ef1b743cc28815be57c126bffb7c95fa9de15f62f736ad40a87
Opcode Fuzzy Hash: 4240533d9f262ce9e2afb649e3049b21eef5bca52de13571118af7fd312099d0
Instruction Fuzzy Hash: 67D017715102118FD370DF28D940B92B7E4EF04300F10483EA4C8D2660E275A8C0CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00413FBC Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

__Cnd_do_broadcast_at_thread_exit.LIBCPMT ref: 00413FC6

Part of subcall function 00583288: __Thrd_current.LIBCPMT ref: 0058329A
Part of subcall function 00583288: __Mtx_unlock.LIBCPMT ref: 005832E6
Part of subcall function 00583288: __Cnd_broadcast.LIBCPMT ref: 005832F1

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: Cnd_broadcastCnd_do_broadcast_at_thread_exitMtx_unlockThrd_current
String ID:
API String ID: 3770271663-0
Opcode ID: 3f8eb422f8433fb0099226f869301b37e91ae3a0cf73d807ab6ed0381c822d4a
Instruction ID: ff022d793bb8bf46b6e52066ac2f291b08853f54aaa20664c344421b08025672
Opcode Fuzzy Hash: 3f8eb422f8433fb0099226f869301b37e91ae3a0cf73d807ab6ed0381c822d4a
Instruction Fuzzy Hash: 2EC092352142089F8340FBB8D44A81A7BE8AF95B107504079BD068BA21DE31BE14CA96

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00422D5E Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 84COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 00422D70

Part of subcall function 0068E3DE: RaiseException.KERNEL32(?,00582150,P!X,?,?,0078FB6C,?,?,?,?,?,00582150,?,00783398,?), ref: 0068E43D

GetLastError.KERNEL32(?,0078835C,?,004AB6F7,80004005,007A29C4,?,004F4CC6,00000000,?,4s,?,?,004F508D), ref: 00422D76

Part of subcall function 00422D5E: LoadResource.KERNEL32(?,?,4s,?,?,8007000E,?,?,?,004AB6F7,80004005,007A29C4,?,004F4CC6,00000000), ref: 00422DD7
Part of subcall function 00422D5E: LockResource.KERNEL32(00000000,007A29C4,?,?,4s,?,?,8007000E,?,?,?,004AB6F7,80004005,007A29C4,?,004F4CC6), ref: 00422DE3
Part of subcall function 00422D5E: SizeofResource.KERNEL32(?,?,?,?,4s,?,?,8007000E,?,?,?,004AB6F7,80004005,007A29C4,?,004F4CC6), ref: 00422DF1

Strings

4s, xrefs: 00422DD0

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: Resource$ErrorExceptionException@8LastLoadLockRaiseSizeofThrow
String ID: 4s
API String ID: 294969344-1257959787
Opcode ID: 14b93b8610f04b95de01a3b08f1d8995d8b73e4958a1c2cc6fbb48db3d2eb4bc
Instruction ID: e2ff399347e63724e1a48493567a94bfb53cd13b7b159f511e72fd9b16053eda
Opcode Fuzzy Hash: 14b93b8610f04b95de01a3b08f1d8995d8b73e4958a1c2cc6fbb48db3d2eb4bc
Instruction Fuzzy Hash: 3E218731300334BB9B346A69BE88ABB779CDE40340790492BFD06E7210D9F8DC8091E9

Uniqueness

Uniqueness Score: -1.00%

Function 0047E75C Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000028,?,?,?,0000007F,?,?,?,?,0047E90F), ref: 0047E77A
OpenProcessToken.ADVAPI32(00000000,?,?,0000007F,?,?,?,?,0047E90F), ref: 0047E781
LookupPrivilegeValueW.ADVAPI32(00000000,SeDebugPrivilege,0047E90F), ref: 0047E795
AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000,?,?,0000007F), ref: 0047E7C5
CloseHandle.KERNEL32(?,?,?,0000007F,?,?,?,?,0047E90F), ref: 0047E7D0

Strings

SeDebugPrivilege, xrefs: 0047E78F

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: ProcessToken$AdjustCloseCurrentHandleLookupOpenPrivilegePrivilegesValue
String ID: SeDebugPrivilege
API String ID: 3038321057-2896544425
Opcode ID: 0c29f445ca04c2798a4101f98d1b68dfa0cfbf5040bcb354011ccd277078b067
Instruction ID: aace4f5f6edd183b133fdf4e4701db54a5bb30bb7a59a62e2ce5c2b82c276aab
Opcode Fuzzy Hash: 0c29f445ca04c2798a4101f98d1b68dfa0cfbf5040bcb354011ccd277078b067
Instruction Fuzzy Hash: AA01E975D01219AFEB109BE59C49EEFBBBCEF09750F004556B904E6290DBB49A05CBE0

Uniqueness

Uniqueness Score: -1.00%

Function 0042711E Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 358COMMON

Download Yara Rule

APIs

__aulldvrm.LIBCMT ref: 00427259
__aulldvrm.LIBCMT ref: 004273FA
__aulldvrm.LIBCMT ref: 0042748D

Strings

d, xrefs: 00427195

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: __aulldvrm
String ID: d
API String ID: 1302938615-2564639436
Opcode ID: 92f3a314f94aee7bf3664951fd0aa7892cd7bea82081848237beda51ead6e1f3
Instruction ID: 2a29e47dfeb645cbba4989c50d10ac3a17c78e97e4c22e969295b565acbb20f5
Opcode Fuzzy Hash: 92f3a314f94aee7bf3664951fd0aa7892cd7bea82081848237beda51ead6e1f3
Instruction Fuzzy Hash: 91E1B7A9A0D2D09EDF06DF6DB4A11ADBF739B5A201708C0DAC9D54B323C5384D11D77A

Uniqueness

Uniqueness Score: -1.00%

Function 005CF200 Relevance: 6.1, APIs: 4, Instructions: 82fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(005D004B,00000000,00000007,00000000,00000003,02200000,00000000,2D5DBC68,?,00000000,?,005D004B,?), ref: 005CF243
new.LIBCMT ref: 005CF263
DeviceIoControl.KERNEL32 ref: 005CF291
CloseHandle.KERNEL32(00000000), ref: 005CF2D0

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: CloseControlCreateDeviceFileHandle
String ID:
API String ID: 33631002-0
Opcode ID: f815ece0dc1aabffd2dd344dfdbfec935579e43d4fd7ba11b451de3cb1166dd9
Instruction ID: 364d7e8f96c196a85623c56f144f71f59c499aa789fc39dfd9d813af084301b4
Opcode Fuzzy Hash: f815ece0dc1aabffd2dd344dfdbfec935579e43d4fd7ba11b451de3cb1166dd9
Instruction Fuzzy Hash: EB210D79A84304BFE7608F94DC4AF997FA9FB05724F200229F915AB2C0D7B45A04C7A5

Uniqueness

Uniqueness Score: -1.00%

Function 004BAF5C Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 344COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004BAF61
___from_strstr_to_strchr.LIBCMT ref: 004BB048

Part of subcall function 004BC47A: __EH_prolog.LIBCMT ref: 004BC47F

Part of subcall function 004BD4BA: __EH_prolog.LIBCMT ref: 004BD4BF

Strings

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_, xrefs: 004BB043

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog$___from_strstr_to_strchr
String ID: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_
API String ID: 423314503-3812731148
Opcode ID: f7944ef7c53056260a9f4d1e851776a17f0ce83f9c86b73060d9863230577118
Instruction ID: 20005f4af06ca05258a67fcc0cc7a6772db13b2771217b54e43b06ac8c3df241
Opcode Fuzzy Hash: f7944ef7c53056260a9f4d1e851776a17f0ce83f9c86b73060d9863230577118
Instruction Fuzzy Hash: 3DD1B07060060AAFDB19DF28C495BFABBE1FF44304F14419AE8558B351C7B8E862DBB5

Uniqueness

Uniqueness Score: -1.00%

Function 004B8B6B Relevance: 4.6, APIs: 3, Instructions: 50memoryCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004B8B70
GetProcessHeap.KERNEL32(00000000,00000060,?,?,00000000), ref: 004B8B84
HeapAlloc.KERNEL32(00000000,?,?,00000000), ref: 004B8B8B

Part of subcall function 0040F438: __EH_prolog.LIBCMT ref: 0040F43D

Part of subcall function 004B0DE2: __CxxThrowException@8.LIBVCRUNTIME ref: 004B0DFC
Part of subcall function 004B0DE2: __EH_prolog.LIBCMT ref: 004B0E07
Part of subcall function 004B0DE2: GetProcessHeap.KERNEL32(00000000,00000040), ref: 004B0E1B
Part of subcall function 004B0DE2: HeapAlloc.KERNEL32(00000000), ref: 004B0E22

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: Heap$H_prolog$AllocProcess$Exception@8Throw
String ID:
API String ID: 366758686-0
Opcode ID: 1f2dc041dcf747c3e80210d5c6422096e2b3a00b93f2d3bf26ed929f5451a444
Instruction ID: 6a4b64ab387b7b43378e0e3dd9749b4186d1dcc24dccc6994ed67e7ae1b888d3
Opcode Fuzzy Hash: 1f2dc041dcf747c3e80210d5c6422096e2b3a00b93f2d3bf26ed929f5451a444
Instruction Fuzzy Hash: 07118FB1D05248EADB01DBA9C949BDEFFF8EF54304F10409EE504AB242D7B95B04CB65

Uniqueness

Uniqueness Score: -1.00%

Function 004269D4 Relevance: 3.0, APIs: 2, Instructions: 37COMMON

Download Yara Rule

APIs

FindFirstFileExW.KERNEL32(?,00000000,00000220,00000000,00000000,00000000,?,00000000,76CDFA50,00426975,?,?,00000000,00000000,?,00000000), ref: 004269EC
GetLastError.KERNEL32(?,00000000,76CDFA50,00426975,?,?,00000000,00000000,?,00000000,00000000,00000000), ref: 00426A11

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: ErrorFileFindFirstLast
String ID:
API String ID: 873889042-0
Opcode ID: 3f47211a3d1292322d94dd9ffac7f2ed8caf95052f2821213890d616a833dccf
Instruction ID: 7476eb702744dd527e45b7fff867582633ed137c3c2e3e9643eb08402786ddb1
Opcode Fuzzy Hash: 3f47211a3d1292322d94dd9ffac7f2ed8caf95052f2821213890d616a833dccf
Instruction Fuzzy Hash: 91F0BBF13443109BE3305A79ACC8FA37959E785328F91491FF25AA61D0CBB49C464674

Uniqueness

Uniqueness Score: -1.00%

Function 0040EA72 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c3f7e1f18e3c7d79d3b64c130862757a094c5a6eed26b047f490793c0227657
Instruction ID: a81d5ed95a12d33e288bf159931503bdfebec61ba3c2220e1b971e36f664e6c7
Opcode Fuzzy Hash: 8c3f7e1f18e3c7d79d3b64c130862757a094c5a6eed26b047f490793c0227657
Instruction Fuzzy Hash: 42312477A14285CFC308CF6D5C823A9BF60FBE2200B04866AE845E72C2D2755515C75C

Uniqueness

Uniqueness Score: -1.00%

Function 00526AF6 Relevance: 63.1, APIs: 1, Strings: 35, Instructions: 111COMMON

Download Yara Rule

APIs

__swprintf.LEGACY_STDIO_DEFINITIONS ref: 00526C17

Strings

One of arguments' values is out of range, xrefs: 00526B3F
Requested object was not found, xrefs: 00526B2D
OpenGL API call, xrefs: 00526B87
The function/feature is not implemented, xrefs: 00526B63
Memory block has been corrupted, xrefs: 00526B69
Image step is wrong, xrefs: 00526BC4
Formats of input arguments do not match, xrefs: 00526B33
Unsupported format or combination of formats, xrefs: 00526B45
Assertion failed, xrefs: 00526B6F
Inplace operation is not supported, xrefs: 00526B27
Sizes of input arguments do not match, xrefs: 00526B39
Bad flag (parameter or structure field), xrefs: 00526B4B
Bad type of mask argument, xrefs: 00526B57
Null pointer, xrefs: 00526B8D
Parsing error, xrefs: 00526B5D
No GPU support, xrefs: 00526B75
Backtrace, xrefs: 00526C29
Division by zero occured, xrefs: 00526B21
Incorrect size of input array, xrefs: 00526B1B
Bad number of channels, xrefs: 00526BCA
Input image depth is not supported by function, xrefs: 00526BD0
Unspecified error, xrefs: 00526C2F
status, xrefs: 00526C03, 00526C10
No Error, xrefs: 00526C23
No OpenGL support, xrefs: 00526B81
Iterations do not converge, xrefs: 00526BB8
Bad parameter of type CvPoint, xrefs: 00526B51
error, xrefs: 00526BFD
Insufficient memory, xrefs: 00526C3B
Gpu API call, xrefs: 00526B7B
Internal error, xrefs: 00526C35
Autotrace call, xrefs: 00526BBE
Input COI is not supported, xrefs: 00526BD6
Unknown %s code %d, xrefs: 00526C11
Bad argument, xrefs: 00526BDC

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: __swprintf
String ID: Assertion failed$Autotrace call$Backtrace$Bad argument$Bad flag (parameter or structure field)$Bad number of channels$Bad parameter of type CvPoint$Bad type of mask argument$Division by zero occured$Formats of input arguments do not match$Gpu API call$Image step is wrong$Incorrect size of input array$Inplace operation is not supported$Input COI is not supported$Input image depth is not supported by function$Insufficient memory$Internal error$Iterations do not converge$Memory block has been corrupted$No Error$No GPU support$No OpenGL support$Null pointer$One of arguments' values is out of range$OpenGL API call$Parsing error$Requested object was not found$Sizes of input arguments do not match$The function/feature is not implemented$Unknown %s code %d$Unspecified error$Unsupported format or combination of formats$error$status
API String ID: 1857805200-1549692122
Opcode ID: f3631eacad4194858451593ae7bd8c722872eccafc81514b0dc3c4b03d3a3f41
Instruction ID: 53b4af2ab741bcb213036afcfe5f3fbf30b126f3875418c0a415ac75eb0e4bf0
Opcode Fuzzy Hash: f3631eacad4194858451593ae7bd8c722872eccafc81514b0dc3c4b03d3a3f41
Instruction Fuzzy Hash: DC21C62DA0086587BF2CD23C696453D2480FED63A4FEC47B6F569D3EE3C25D8D412146

Uniqueness

Uniqueness Score: -1.00%

Function 004188AB Relevance: 23.0, APIs: 9, Strings: 4, Instructions: 289networkCOMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 004188AF

Part of subcall function 0068E3DE: RaiseException.KERNEL32(?,00582150,P!X,?,?,0078FB6C,?,?,?,?,?,00582150,?,00783398,?), ref: 0068E43D

__EH_prolog.LIBCMT ref: 004188BA
gethostbyname.WS2_32(?), ref: 004188EE
_strlen.LIBCMT ref: 004189A8
htons.WS2_32(00000000), ref: 004189DE
socket.WS2_32(00000002,00000001,00000006), ref: 004189FB
setsockopt.WS2_32(00000000,0000FFFF,00001006,000003E8,00000004), ref: 00418A1B
connect.WS2_32(00000000,?,00000010), ref: 00418AC1

Part of subcall function 00411BC8: std::_Deallocate.LIBCONCRT ref: 00411BF8

Strings

-, xrefs: 00418A58
ddos_stop, xrefs: 00418914
b, xrefs: 00418BDF
(, xrefs: 00418BD8

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: DeallocateExceptionException@8H_prologRaiseThrow_strlenconnectgethostbynamehtonssetsockoptsocketstd::_
String ID: ($-$b$ddos_stop
API String ID: 1589026174-1644948824
Opcode ID: d030039adcfefc39ff552d71692db85e7638fbcd0444616a72680111de9ec893
Instruction ID: 212e067d65c976a6134065eda8ad71f5aa434052f10650b04c9e458efc0c0cbd
Opcode Fuzzy Hash: d030039adcfefc39ff552d71692db85e7638fbcd0444616a72680111de9ec893
Instruction Fuzzy Hash: FEB12271900248AEEB10DFA8DC85BEDBBB8BF19304F10416FF505A71A1EB786E84CB55

Uniqueness

Uniqueness Score: -1.00%

Function 00408186 Relevance: 22.9, APIs: 7, Strings: 6, Instructions: 160COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040818B
_strlen.LIBCMT ref: 004081B3

Part of subcall function 00411BC8: std::_Deallocate.LIBCONCRT ref: 00411BF8

_strlen.LIBCMT ref: 004081FD
_strlen.LIBCMT ref: 00408244
_strlen.LIBCMT ref: 0040828B
_strlen.LIBCMT ref: 004082D5
_strlen.LIBCMT ref: 00408334

Part of subcall function 0068A19C: __onexit.LIBCMT ref: 0068A1A2

Strings

B05688C2B3E6C1FD, xrefs: 00408310, 00408321, 0040833B
A09E667F3BCC908B, xrefs: 0040819B, 004081A9, 004081BA
B67AE8584CAA73B2, xrefs: 004081E8, 004081F3, 00408204
C6EF372FE94F82BE, xrefs: 0040822F, 0040823A, 0040824B
54FF53A5F1D36F1C, xrefs: 00408276, 00408281, 00408292
10E527FADE682D1D, xrefs: 004082BD, 004082C8, 004082DC

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: _strlen$DeallocateH_prolog__onexitstd::_
String ID: 10E527FADE682D1D$54FF53A5F1D36F1C$A09E667F3BCC908B$B05688C2B3E6C1FD$B67AE8584CAA73B2$C6EF372FE94F82BE
API String ID: 1696903463-4081904993
Opcode ID: af21ac0c3349518e03e9c0a97a6a29a60763bb2630f6d3d132fcf1b85d4f83fb
Instruction ID: 15fbb3c951a0cf78df6a900232873ff12f33c2b58c4e3dc235cfb68bbab15b2e
Opcode Fuzzy Hash: af21ac0c3349518e03e9c0a97a6a29a60763bb2630f6d3d132fcf1b85d4f83fb
Instruction Fuzzy Hash: 56518371C05298EEEB50EBA9D841BEDBBF4AF55300F2041AEE518F7282DA741F44CB65

Uniqueness

Uniqueness Score: -1.00%

Function 004043CE Relevance: 22.9, APIs: 7, Strings: 6, Instructions: 160COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004043D3
_strlen.LIBCMT ref: 004043FB

Part of subcall function 00411BC8: std::_Deallocate.LIBCONCRT ref: 00411BF8

_strlen.LIBCMT ref: 00404445
_strlen.LIBCMT ref: 0040448C
_strlen.LIBCMT ref: 004044D3
_strlen.LIBCMT ref: 0040451D
_strlen.LIBCMT ref: 0040457C

Part of subcall function 0068A19C: __onexit.LIBCMT ref: 0068A1A2

Strings

B05688C2B3E6C1FD, xrefs: 00404558, 00404569, 00404583
A09E667F3BCC908B, xrefs: 004043E3, 004043F1, 00404402
B67AE8584CAA73B2, xrefs: 00404430, 0040443B, 0040444C
C6EF372FE94F82BE, xrefs: 00404477, 00404482, 00404493
54FF53A5F1D36F1C, xrefs: 004044BE, 004044C9, 004044DA
10E527FADE682D1D, xrefs: 00404505, 00404510, 00404524

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: _strlen$DeallocateH_prolog__onexitstd::_
String ID: 10E527FADE682D1D$54FF53A5F1D36F1C$A09E667F3BCC908B$B05688C2B3E6C1FD$B67AE8584CAA73B2$C6EF372FE94F82BE
API String ID: 1696903463-4081904993
Opcode ID: a502132f9bdcc661911187c7b261428a046e5161712a956ae8707acb270d792b
Instruction ID: 4e1a102844bff2765a4901dda53e7d72d31fbbcdeb7d9b590e8ec79db0352fad
Opcode Fuzzy Hash: a502132f9bdcc661911187c7b261428a046e5161712a956ae8707acb270d792b
Instruction Fuzzy Hash: 2C517571C05298AEEF50EBA9D841BEDBBF4AF55300F2040AEE518F7282DA741E44CB65

Uniqueness

Uniqueness Score: -1.00%

Function 0040C56F Relevance: 22.9, APIs: 7, Strings: 6, Instructions: 160COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040C574
_strlen.LIBCMT ref: 0040C59C

Part of subcall function 00411BC8: std::_Deallocate.LIBCONCRT ref: 00411BF8

_strlen.LIBCMT ref: 0040C5E6
_strlen.LIBCMT ref: 0040C62D
_strlen.LIBCMT ref: 0040C674
_strlen.LIBCMT ref: 0040C6BE
_strlen.LIBCMT ref: 0040C71D

Part of subcall function 0068A19C: __onexit.LIBCMT ref: 0068A1A2

Strings

B05688C2B3E6C1FD, xrefs: 0040C6F9, 0040C70A, 0040C724
A09E667F3BCC908B, xrefs: 0040C584, 0040C592, 0040C5A3
B67AE8584CAA73B2, xrefs: 0040C5D1, 0040C5DC, 0040C5ED
C6EF372FE94F82BE, xrefs: 0040C618, 0040C623, 0040C634
54FF53A5F1D36F1C, xrefs: 0040C65F, 0040C66A, 0040C67B
10E527FADE682D1D, xrefs: 0040C6A6, 0040C6B1, 0040C6C5

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: _strlen$DeallocateH_prolog__onexitstd::_
String ID: 10E527FADE682D1D$54FF53A5F1D36F1C$A09E667F3BCC908B$B05688C2B3E6C1FD$B67AE8584CAA73B2$C6EF372FE94F82BE
API String ID: 1696903463-4081904993
Opcode ID: 1e4644023c9992da43a2cb2b98ea07c198e1b5b0ad44e104de559c95366cbb47
Instruction ID: 820a24787a4c911dc0989f6c5ac4e6f79867204f4eee875757e2da9dc1641ecf
Opcode Fuzzy Hash: 1e4644023c9992da43a2cb2b98ea07c198e1b5b0ad44e104de559c95366cbb47
Instruction Fuzzy Hash: A0517371C05298AEEB50EBA9D841BEDBBF4AF55300F1040AEE519F7282DA741F44CB65

Uniqueness

Uniqueness Score: -1.00%

Function 0040A602 Relevance: 22.9, APIs: 7, Strings: 6, Instructions: 160COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040A607
_strlen.LIBCMT ref: 0040A62F

Part of subcall function 00411BC8: std::_Deallocate.LIBCONCRT ref: 00411BF8

_strlen.LIBCMT ref: 0040A679
_strlen.LIBCMT ref: 0040A6C0
_strlen.LIBCMT ref: 0040A707
_strlen.LIBCMT ref: 0040A751
_strlen.LIBCMT ref: 0040A7B0

Part of subcall function 0068A19C: __onexit.LIBCMT ref: 0068A1A2

Strings

B05688C2B3E6C1FD, xrefs: 0040A78C, 0040A79D, 0040A7B7
A09E667F3BCC908B, xrefs: 0040A617, 0040A625, 0040A636
B67AE8584CAA73B2, xrefs: 0040A664, 0040A66F, 0040A680
C6EF372FE94F82BE, xrefs: 0040A6AB, 0040A6B6, 0040A6C7
54FF53A5F1D36F1C, xrefs: 0040A6F2, 0040A6FD, 0040A70E
10E527FADE682D1D, xrefs: 0040A739, 0040A744, 0040A758

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: _strlen$DeallocateH_prolog__onexitstd::_
String ID: 10E527FADE682D1D$54FF53A5F1D36F1C$A09E667F3BCC908B$B05688C2B3E6C1FD$B67AE8584CAA73B2$C6EF372FE94F82BE
API String ID: 1696903463-4081904993
Opcode ID: b9a957b2389aa0897cf7aa7ec02f18bc469a2dc7ec67a8160a25da426074ea73
Instruction ID: f0ce4762724f2496d363b9ff8ce18a79b1f23062014612d5764ce21e7d78337e
Opcode Fuzzy Hash: b9a957b2389aa0897cf7aa7ec02f18bc469a2dc7ec67a8160a25da426074ea73
Instruction Fuzzy Hash: 73518470C05298AEEF50EBA9D841BEDBBF4AF55304F1040AEE518F7282DA781F44CB65

Uniqueness

Uniqueness Score: -1.00%

Function 00408A51 Relevance: 22.9, APIs: 7, Strings: 6, Instructions: 160COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00408A56
_strlen.LIBCMT ref: 00408A7E

Part of subcall function 00411BC8: std::_Deallocate.LIBCONCRT ref: 00411BF8

_strlen.LIBCMT ref: 00408AC8
_strlen.LIBCMT ref: 00408B0F
_strlen.LIBCMT ref: 00408B56
_strlen.LIBCMT ref: 00408BA0
_strlen.LIBCMT ref: 00408BFF

Part of subcall function 0068A19C: __onexit.LIBCMT ref: 0068A1A2

Strings

B05688C2B3E6C1FD, xrefs: 00408BDB, 00408BEC, 00408C06
A09E667F3BCC908B, xrefs: 00408A66, 00408A74, 00408A85
B67AE8584CAA73B2, xrefs: 00408AB3, 00408ABE, 00408ACF
C6EF372FE94F82BE, xrefs: 00408AFA, 00408B05, 00408B16
54FF53A5F1D36F1C, xrefs: 00408B41, 00408B4C, 00408B5D
10E527FADE682D1D, xrefs: 00408B88, 00408B93, 00408BA7

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: _strlen$DeallocateH_prolog__onexitstd::_
String ID: 10E527FADE682D1D$54FF53A5F1D36F1C$A09E667F3BCC908B$B05688C2B3E6C1FD$B67AE8584CAA73B2$C6EF372FE94F82BE
API String ID: 1696903463-4081904993
Opcode ID: dcdb5ea9b330c9cb4dd82f9d21394d1d0b22953e23a1d8ddc4016b525ba65ab4
Instruction ID: 82927464066e5d64ad563dfa16edb15fe9c21c111162d48adc6cf5b025f25bcb
Opcode Fuzzy Hash: dcdb5ea9b330c9cb4dd82f9d21394d1d0b22953e23a1d8ddc4016b525ba65ab4
Instruction Fuzzy Hash: 40518570C05298AEEF51EBA9D841BEDBBF4AF55300F1040AEE518F7282DA741F44CB65

Uniqueness

Uniqueness Score: -1.00%

Function 00404CC0 Relevance: 22.9, APIs: 7, Strings: 6, Instructions: 160COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00404CC5
_strlen.LIBCMT ref: 00404CED

Part of subcall function 00411BC8: std::_Deallocate.LIBCONCRT ref: 00411BF8

_strlen.LIBCMT ref: 00404D37
_strlen.LIBCMT ref: 00404D7E
_strlen.LIBCMT ref: 00404DC5
_strlen.LIBCMT ref: 00404E0F
_strlen.LIBCMT ref: 00404E6E

Part of subcall function 0068A19C: __onexit.LIBCMT ref: 0068A1A2

Strings

B05688C2B3E6C1FD, xrefs: 00404E4A, 00404E5B, 00404E75
A09E667F3BCC908B, xrefs: 00404CD5, 00404CE3, 00404CF4
B67AE8584CAA73B2, xrefs: 00404D22, 00404D2D, 00404D3E
C6EF372FE94F82BE, xrefs: 00404D69, 00404D74, 00404D85
54FF53A5F1D36F1C, xrefs: 00404DB0, 00404DBB, 00404DCC
10E527FADE682D1D, xrefs: 00404DF7, 00404E02, 00404E16

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: _strlen$DeallocateH_prolog__onexitstd::_
String ID: 10E527FADE682D1D$54FF53A5F1D36F1C$A09E667F3BCC908B$B05688C2B3E6C1FD$B67AE8584CAA73B2$C6EF372FE94F82BE
API String ID: 1696903463-4081904993
Opcode ID: c5fd530577b98ccdccfa11f9fa4b4edca678a025bdc8d3f406937387bf29b6d9
Instruction ID: eaae416ebb35603555c3f789ceabeecb30c4b6f400c3e9e5542155036aaf6c01
Opcode Fuzzy Hash: c5fd530577b98ccdccfa11f9fa4b4edca678a025bdc8d3f406937387bf29b6d9
Instruction Fuzzy Hash: 83518570C05298AEEB50EBA9D8417EDBBF4AF55300F1040AEE515F7282DA741F44CB65

Uniqueness

Uniqueness Score: -1.00%

Function 0040CE3A Relevance: 22.9, APIs: 7, Strings: 6, Instructions: 160COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040CE3F
_strlen.LIBCMT ref: 0040CE67

Part of subcall function 00411BC8: std::_Deallocate.LIBCONCRT ref: 00411BF8

_strlen.LIBCMT ref: 0040CEB1
_strlen.LIBCMT ref: 0040CEF8
_strlen.LIBCMT ref: 0040CF3F
_strlen.LIBCMT ref: 0040CF89
_strlen.LIBCMT ref: 0040CFE8

Part of subcall function 0068A19C: __onexit.LIBCMT ref: 0068A1A2

Strings

B05688C2B3E6C1FD, xrefs: 0040CFC4, 0040CFD5, 0040CFEF
A09E667F3BCC908B, xrefs: 0040CE4F, 0040CE5D, 0040CE6E
B67AE8584CAA73B2, xrefs: 0040CE9C, 0040CEA7, 0040CEB8
C6EF372FE94F82BE, xrefs: 0040CEE3, 0040CEEE, 0040CEFF
54FF53A5F1D36F1C, xrefs: 0040CF2A, 0040CF35, 0040CF46
10E527FADE682D1D, xrefs: 0040CF71, 0040CF7C, 0040CF90

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: _strlen$DeallocateH_prolog__onexitstd::_
String ID: 10E527FADE682D1D$54FF53A5F1D36F1C$A09E667F3BCC908B$B05688C2B3E6C1FD$B67AE8584CAA73B2$C6EF372FE94F82BE
API String ID: 1696903463-4081904993
Opcode ID: 40e75e47dbdacb430a95b0c43cbe7cff051da99701a9626d5ec52735a88934a0
Instruction ID: 541d9324fba16dbb128df455bd45aacc064f521391c7b7f941088558b1f4484e
Opcode Fuzzy Hash: 40e75e47dbdacb430a95b0c43cbe7cff051da99701a9626d5ec52735a88934a0
Instruction Fuzzy Hash: 3E519571C05298AEEF50EBA9D841BEDBBF4AF95300F1040AEE518F7282DB741E44DB65

Uniqueness

Uniqueness Score: -1.00%

Function 0040AECD Relevance: 22.9, APIs: 7, Strings: 6, Instructions: 160COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040AED2
_strlen.LIBCMT ref: 0040AEFA

Part of subcall function 00411BC8: std::_Deallocate.LIBCONCRT ref: 00411BF8

_strlen.LIBCMT ref: 0040AF44
_strlen.LIBCMT ref: 0040AF8B
_strlen.LIBCMT ref: 0040AFD2
_strlen.LIBCMT ref: 0040B01C
_strlen.LIBCMT ref: 0040B07B

Part of subcall function 0068A19C: __onexit.LIBCMT ref: 0068A1A2

Strings

B05688C2B3E6C1FD, xrefs: 0040B057, 0040B068, 0040B082
A09E667F3BCC908B, xrefs: 0040AEE2, 0040AEF0, 0040AF01
B67AE8584CAA73B2, xrefs: 0040AF2F, 0040AF3A, 0040AF4B
C6EF372FE94F82BE, xrefs: 0040AF76, 0040AF81, 0040AF92
54FF53A5F1D36F1C, xrefs: 0040AFBD, 0040AFC8, 0040AFD9
10E527FADE682D1D, xrefs: 0040B004, 0040B00F, 0040B023

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: _strlen$DeallocateH_prolog__onexitstd::_
String ID: 10E527FADE682D1D$54FF53A5F1D36F1C$A09E667F3BCC908B$B05688C2B3E6C1FD$B67AE8584CAA73B2$C6EF372FE94F82BE
API String ID: 1696903463-4081904993
Opcode ID: cd3772b007e2e3605034e7384b8f6e1ed791610d58832108830bd4f07e3c60ee
Instruction ID: cedfa38532cc3c87211090a3ce261768bfbfd649fecbc882319574a78002f880
Opcode Fuzzy Hash: cd3772b007e2e3605034e7384b8f6e1ed791610d58832108830bd4f07e3c60ee
Instruction Fuzzy Hash: 93517671C05298AEEB50EBA5D8417EDBBF4AF55300F1080AEE519F7282DA741F44CB65

Uniqueness

Uniqueness Score: -1.00%

Function 0040946C Relevance: 22.9, APIs: 7, Strings: 6, Instructions: 160COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00409471
_strlen.LIBCMT ref: 00409499

Part of subcall function 00411BC8: std::_Deallocate.LIBCONCRT ref: 00411BF8

_strlen.LIBCMT ref: 004094E3
_strlen.LIBCMT ref: 0040952A
_strlen.LIBCMT ref: 00409571
_strlen.LIBCMT ref: 004095BB
_strlen.LIBCMT ref: 0040961A

Part of subcall function 0068A19C: __onexit.LIBCMT ref: 0068A1A2

Strings

B05688C2B3E6C1FD, xrefs: 004095F6, 00409607, 00409621
A09E667F3BCC908B, xrefs: 00409481, 0040948F, 004094A0
B67AE8584CAA73B2, xrefs: 004094CE, 004094D9, 004094EA
C6EF372FE94F82BE, xrefs: 00409515, 00409520, 00409531
54FF53A5F1D36F1C, xrefs: 0040955C, 00409567, 00409578
10E527FADE682D1D, xrefs: 004095A3, 004095AE, 004095C2

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: _strlen$DeallocateH_prolog__onexitstd::_
String ID: 10E527FADE682D1D$54FF53A5F1D36F1C$A09E667F3BCC908B$B05688C2B3E6C1FD$B67AE8584CAA73B2$C6EF372FE94F82BE
API String ID: 1696903463-4081904993
Opcode ID: d69e1884139fa0826622fd73ff69086d486a5b5cd42b705f9d9cc20b701e6a36
Instruction ID: 4d2ba738191a77f09488d5e29782d35add50baeb1bf84f2c720dbd8f47036253
Opcode Fuzzy Hash: d69e1884139fa0826622fd73ff69086d486a5b5cd42b705f9d9cc20b701e6a36
Instruction Fuzzy Hash: 60517571C05298AEEF50EBA9D841BEDBBF4AF55310F1040AEE518F7282DA741F44CB65

Uniqueness

Uniqueness Score: -1.00%

Function 0040B4BA Relevance: 22.9, APIs: 7, Strings: 6, Instructions: 160COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040B4BF
_strlen.LIBCMT ref: 0040B4E7

Part of subcall function 00411BC8: std::_Deallocate.LIBCONCRT ref: 00411BF8

_strlen.LIBCMT ref: 0040B531
_strlen.LIBCMT ref: 0040B578
_strlen.LIBCMT ref: 0040B5BF
_strlen.LIBCMT ref: 0040B609
_strlen.LIBCMT ref: 0040B668

Part of subcall function 0068A19C: __onexit.LIBCMT ref: 0068A1A2

Strings

B05688C2B3E6C1FD, xrefs: 0040B644, 0040B655, 0040B66F
A09E667F3BCC908B, xrefs: 0040B4CF, 0040B4DD, 0040B4EE
B67AE8584CAA73B2, xrefs: 0040B51C, 0040B527, 0040B538
C6EF372FE94F82BE, xrefs: 0040B563, 0040B56E, 0040B57F
54FF53A5F1D36F1C, xrefs: 0040B5AA, 0040B5B5, 0040B5C6
10E527FADE682D1D, xrefs: 0040B5F1, 0040B5FC, 0040B610

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: _strlen$DeallocateH_prolog__onexitstd::_
String ID: 10E527FADE682D1D$54FF53A5F1D36F1C$A09E667F3BCC908B$B05688C2B3E6C1FD$B67AE8584CAA73B2$C6EF372FE94F82BE
API String ID: 1696903463-4081904993
Opcode ID: c0f530f9b8b04e4d81636107d62a78154735764b4faa06a75b8f874c7da1aa36
Instruction ID: 0b10c994a98373b41a76bcbfd873894fa1b253c0060d470191d0c7fac13e59e7
Opcode Fuzzy Hash: c0f530f9b8b04e4d81636107d62a78154735764b4faa06a75b8f874c7da1aa36
Instruction Fuzzy Hash: DD518571C05298AEEF50EBA9D841BEDBBF4AF55310F1040AEE518F7282DA781F44CB65

Uniqueness

Uniqueness Score: -1.00%

Function 004025CE Relevance: 22.9, APIs: 7, Strings: 6, Instructions: 159COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004025CE
_strlen.LIBCMT ref: 004025F6

Part of subcall function 00411BC8: std::_Deallocate.LIBCONCRT ref: 00411BF8

_strlen.LIBCMT ref: 00402640
_strlen.LIBCMT ref: 00402687
_strlen.LIBCMT ref: 004026CE
_strlen.LIBCMT ref: 00402718
_strlen.LIBCMT ref: 00402777

Part of subcall function 0068A19C: __onexit.LIBCMT ref: 0068A1A2

Strings

B05688C2B3E6C1FD, xrefs: 00402753, 00402764, 0040277E
A09E667F3BCC908B, xrefs: 004025DE, 004025EC, 004025FD
B67AE8584CAA73B2, xrefs: 0040262B, 00402636, 00402647
C6EF372FE94F82BE, xrefs: 00402672, 0040267D, 0040268E
54FF53A5F1D36F1C, xrefs: 004026B9, 004026C4, 004026D5
10E527FADE682D1D, xrefs: 00402700, 0040270B, 0040271F

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: _strlen$DeallocateH_prolog__onexitstd::_
String ID: 10E527FADE682D1D$54FF53A5F1D36F1C$A09E667F3BCC908B$B05688C2B3E6C1FD$B67AE8584CAA73B2$C6EF372FE94F82BE
API String ID: 1696903463-4081904993
Opcode ID: 8c6fbcf32a1802c163c37b99494cf58d4dadafcc0565b78fb29883f966cc291a
Instruction ID: a58e6ca50c14e4df1fe0a63d90d4e3dd48b6d296f92a12d3b382b13a8f03c481
Opcode Fuzzy Hash: 8c6fbcf32a1802c163c37b99494cf58d4dadafcc0565b78fb29883f966cc291a
Instruction Fuzzy Hash: 50518671C05298AEEF50EBA9D8417EDBBF4EF55300F1040AEE519F7282DA781E44CB65

Uniqueness

Uniqueness Score: -1.00%

Function 00402F41 Relevance: 22.9, APIs: 7, Strings: 6, Instructions: 159COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00402F41
_strlen.LIBCMT ref: 00402F69

Part of subcall function 00411BC8: std::_Deallocate.LIBCONCRT ref: 00411BF8

_strlen.LIBCMT ref: 00402FB3
_strlen.LIBCMT ref: 00402FFA
_strlen.LIBCMT ref: 00403041
_strlen.LIBCMT ref: 0040308B
_strlen.LIBCMT ref: 004030EA

Part of subcall function 0068A19C: __onexit.LIBCMT ref: 0068A1A2

Strings

B05688C2B3E6C1FD, xrefs: 004030C6, 004030D7, 004030F1
A09E667F3BCC908B, xrefs: 00402F51, 00402F5F, 00402F70
B67AE8584CAA73B2, xrefs: 00402F9E, 00402FA9, 00402FBA
C6EF372FE94F82BE, xrefs: 00402FE5, 00402FF0, 00403001
54FF53A5F1D36F1C, xrefs: 0040302C, 00403037, 00403048
10E527FADE682D1D, xrefs: 00403073, 0040307E, 00403092

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: _strlen$DeallocateH_prolog__onexitstd::_
String ID: 10E527FADE682D1D$54FF53A5F1D36F1C$A09E667F3BCC908B$B05688C2B3E6C1FD$B67AE8584CAA73B2$C6EF372FE94F82BE
API String ID: 1696903463-4081904993
Opcode ID: 2616132cbb5c9779b27f37327db9aac9d1065733a6bf9ca4187c8b58f661f652
Instruction ID: acc281ffcd21c27be5a3eea3ee8e6ceb945bb9388b6689746376e60f724206a8
Opcode Fuzzy Hash: 2616132cbb5c9779b27f37327db9aac9d1065733a6bf9ca4187c8b58f661f652
Instruction Fuzzy Hash: 1B518570C05298AEEF50EBA9D8417EDBBF4AF55310F1080AEE519F7282DB741E44CB69

Uniqueness

Uniqueness Score: -1.00%

Function 0069F720 Relevance: 19.7, APIs: 2, Strings: 9, Instructions: 414COMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000006,?,?,?,?,?,?,?,?,?,?,?,000000D9,?,?), ref: 0069F7D0
GetModuleFileNameW.KERNEL32(?,?,00000105,?,?,?,?,?,?,?,?,?,000000D9,?,?), ref: 0069F7F3

Strings

<program name unknown>, xrefs: 0069F7FD
(Press Retry to debug the application - JIT must be enabled), xrefs: 0069FB5B
..., xrefs: 0069F86C, 0069F9B3, 0069FAFF, 0069FBAE, 0069FBF0, 0069FC23
Line: , xrefs: 0069FA03
Assertion failed!, xrefs: 0069F74A
For information on how your program can cause an assertionfailure, see the Visual C++ documentation on asserts, xrefs: 0069FB2D
Expression: , xrefs: 0069FA81
Program: , xrefs: 0069F78D
File: , xrefs: 0069F8B5

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: Module$FileHandleName
String ID: (Press Retry to debug the application - JIT must be enabled)$...$<program name unknown>$Assertion failed!$Expression: $File: $For information on how your program can cause an assertionfailure, see the Visual C++ documentation on asserts$Line: $Program:
API String ID: 4146042529-1508414584
Opcode ID: 7b80eba7eeabd7178fc21f26241d7c372d682fef6f3091b7ea3d7901d9383376
Instruction ID: f46707ea6c946a8ab2291f218ae75ddb0baf0e08649000f720efd0b6707dd3e3
Opcode Fuzzy Hash: 7b80eba7eeabd7178fc21f26241d7c372d682fef6f3091b7ea3d7901d9383376
Instruction Fuzzy Hash: A3D1F4B1A4010DAADF24AB259D85BFB736EEF64704F0541B8EC09D2641F734DE818F65

Uniqueness

Uniqueness Score: -1.00%

Function 006B35AE Relevance: 19.6, APIs: 13, Instructions: 114COMMON

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 006B35F2

Part of subcall function 006B294C: _free.LIBCMT ref: 006B2969
Part of subcall function 006B294C: _free.LIBCMT ref: 006B297B
Part of subcall function 006B294C: _free.LIBCMT ref: 006B298D
Part of subcall function 006B294C: _free.LIBCMT ref: 006B299F
Part of subcall function 006B294C: _free.LIBCMT ref: 006B29B1
Part of subcall function 006B294C: _free.LIBCMT ref: 006B29C3
Part of subcall function 006B294C: _free.LIBCMT ref: 006B29D5
Part of subcall function 006B294C: _free.LIBCMT ref: 006B29E7
Part of subcall function 006B294C: _free.LIBCMT ref: 006B29F9
Part of subcall function 006B294C: _free.LIBCMT ref: 006B2A0B
Part of subcall function 006B294C: _free.LIBCMT ref: 006B2A1D
Part of subcall function 006B294C: _free.LIBCMT ref: 006B2A2F
Part of subcall function 006B294C: _free.LIBCMT ref: 006B2A41

_free.LIBCMT ref: 006B35E7

Part of subcall function 006A071F: RtlFreeHeap.NTDLL(00000000,00000000,?,006B30B9,?,00000000,?,00000000,?,006B335D,?,00000007,?,?,006B3746,?), ref: 006A0735
Part of subcall function 006A071F: GetLastError.KERNEL32(?,?,006B30B9,?,00000000,?,00000000,?,006B335D,?,00000007,?,?,006B3746,?,?), ref: 006A0747

_free.LIBCMT ref: 006B3609
_free.LIBCMT ref: 006B361E
_free.LIBCMT ref: 006B3629
_free.LIBCMT ref: 006B364B
_free.LIBCMT ref: 006B365E
_free.LIBCMT ref: 006B366C
_free.LIBCMT ref: 006B3677
_free.LIBCMT ref: 006B36AF
_free.LIBCMT ref: 006B36B6
_free.LIBCMT ref: 006B36D3
_free.LIBCMT ref: 006B36EB

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: 2b75e039e0b39f776c92bd762f7d21cfaeff1da4be197f2229d4f34e92bd172b
Instruction ID: 30f4044870023e86c0627b08cd35f893ab27d886ae8d4ed0a4237555938979c7
Opcode Fuzzy Hash: 2b75e039e0b39f776c92bd762f7d21cfaeff1da4be197f2229d4f34e92bd172b
Instruction Fuzzy Hash: CD314CB1600615AFEB60AA39D855BD673EAAF01310F20442DE559DB3A1EF30EE948F24

Uniqueness

Uniqueness Score: -1.00%

Function 004183E9 Relevance: 19.6, APIs: 7, Strings: 4, Instructions: 320networkCOMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 004183ED

Part of subcall function 0068E3DE: RaiseException.KERNEL32(?,00582150,P!X,?,?,0078FB6C,?,?,?,?,?,00582150,?,00783398,?), ref: 0068E43D

__EH_prolog.LIBCMT ref: 004183F8
gethostbyname.WS2_32(?), ref: 0041842F
htons.WS2_32(00000000), ref: 00418565
socket.WS2_32(00000002,00000001,00000006), ref: 00418618
connect.WS2_32(00000000,?,00000010), ref: 00418633
closesocket.WS2_32(00000000), ref: 00418745

Part of subcall function 0041CECB: __Thrd_sleep.LIBCPMT ref: 0041CF5E

Strings

A, xrefs: 0041847B
%, xrefs: 004187D1
d, xrefs: 0041881D
GET /, xrefs: 0041856F

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: ExceptionException@8H_prologRaiseThrd_sleepThrowclosesocketconnectgethostbynamehtonssocket
String ID: %$A$GET /$d
API String ID: 3725675640-1435572508
Opcode ID: 6675a76d7843921700aa30594a4f3458998e593b32edcfe262d4075c8e01cfb9
Instruction ID: 8619baa90a74c0ca68f1c9847fdf6309a755cb345366d807b23a94a538fc79da
Opcode Fuzzy Hash: 6675a76d7843921700aa30594a4f3458998e593b32edcfe262d4075c8e01cfb9
Instruction Fuzzy Hash: 13D1E07190064CDEDB01DFA8DC81BEEBBB8FF59304F10816EE505A71A1EB785A84CB55

Uniqueness

Uniqueness Score: -1.00%

Function 004BB388 Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 182COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004BB38D
__CxxThrowException@8.LIBVCRUNTIME ref: 004BB550

Part of subcall function 0068E3DE: RaiseException.KERNEL32(?,00582150,P!X,?,?,0078FB6C,?,?,?,?,?,00582150,?,00783398,?), ref: 0068E43D

std::exception::exception.LIBCONCRT ref: 004BB55F
std::exception::exception.LIBCONCRT ref: 004BB58D
std::exception::exception.LIBCONCRT ref: 004BB51F

Part of subcall function 0040F2EC: ___std_exception_copy.LIBVCRUNTIME ref: 0040F313

std::exception::exception.LIBCONCRT ref: 004BB5B1

Strings

expected ' or ", xrefs: 004BB517, 004BB55A
expected attribute name, xrefs: 004BB5A9
4s, xrefs: 004BB547, 004BB557, 004BB54F
attribute && !attribute->parent(), xrefs: 004BB422
expected =, xrefs: 004BB585

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: std::exception::exception$ExceptionException@8H_prologRaiseThrow___std_exception_copy
String ID: 4s$attribute && !attribute->parent()$expected ' or "$expected =$expected attribute name
API String ID: 4183761955-1787543433
Opcode ID: e206aa80c2eab8b8878550c8d9e863e126b9cd75c905938bc5f91daac5c78890
Instruction ID: 9082df67099e57361299c8897f934f8f1a7be3fa6ed442b609c97e58f728c1bd
Opcode Fuzzy Hash: e206aa80c2eab8b8878550c8d9e863e126b9cd75c905938bc5f91daac5c78890
Instruction Fuzzy Hash: 93716DB09052459FDB24CF69C0907EABBF0FF19314F24419ED4959B382C3B99A06CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 004621C2 Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 134COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004621C7
_strlen.LIBCMT ref: 00462287
_strlen.LIBCMT ref: 0046229A

Strings

', xrefs: 004622A8, 004622B4
&, xrefs: 004622BB, 004622C7
<, xrefs: 00462295, 004622A1
>, xrefs: 00462282, 0046228E
", xrefs: 004622CE, 004622DA

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: _strlen$H_prolog
String ID: &$'$>$<$"
API String ID: 1011152186-87953025
Opcode ID: 8b6acdbd1884c433e3eb66d662ecdef28774b3af9032a18d651404461fcea395
Instruction ID: 60619a5e735b1dd61f3ca2b27c7cec5e4ab35684f43ef6a573e82dac1bf29305
Opcode Fuzzy Hash: 8b6acdbd1884c433e3eb66d662ecdef28774b3af9032a18d651404461fcea395
Instruction Fuzzy Hash: D741E571A00604BEE715DFBCCA9566EB7B8FB11700F50025FE401B3692E7B85E81C75A

Uniqueness

Uniqueness Score: -1.00%

Function 0041800C Relevance: 17.8, APIs: 7, Strings: 3, Instructions: 269networkCOMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 00418010

Part of subcall function 0068E3DE: RaiseException.KERNEL32(?,00582150,P!X,?,?,0078FB6C,?,?,?,?,?,00582150,?,00783398,?), ref: 0068E43D

__EH_prolog.LIBCMT ref: 0041801B
socket.WS2_32(00000002,00000002,00000011), ref: 0041804B
WSAStartup.WS2_32(00000101,?), ref: 00418062
gethostbyname.WS2_32(?), ref: 00418121
htons.WS2_32(00000000), ref: 00418296
closesocket.WS2_32(00000000), ref: 0041836C

Part of subcall function 0044E381: __EH_prolog.LIBCMT ref: 0044E386

Part of subcall function 00411BC8: std::_Deallocate.LIBCONCRT ref: 00411BF8

Strings

h, xrefs: 0041816D
Active, xrefs: 0041830F
ddos_stop, xrefs: 0041808C

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog$DeallocateExceptionException@8RaiseStartupThrowclosesocketgethostbynamehtonssocketstd::_
String ID: Active$ddos_stop$h
API String ID: 3743251553-2142136108
Opcode ID: 0a87d086086ba9b5432f135244961fe1045880785749232516b012fd462c22f1
Instruction ID: de7d4fac30d88718c9cfa24d6dd51cf25e670066548554b16bac75a5c4634514
Opcode Fuzzy Hash: 0a87d086086ba9b5432f135244961fe1045880785749232516b012fd462c22f1
Instruction Fuzzy Hash: 90A1D071900248EEDB11DFB9CC46BED7BB8EF15304F10816EF505A7292EB785A84CB95

Uniqueness

Uniqueness Score: -1.00%

Function 006AC1A8 Relevance: 17.7, APIs: 1, Strings: 9, Instructions: 154COMMON

Download Yara Rule

APIs

DecodePointer.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,006AEB26,00422A2B), ref: 006AC1CB

Strings

sqrt, xrefs: 006AC34F
&j+*B, xrefs: 006AC3B0
asin, xrefs: 006AC337
acos, xrefs: 006AC343
pow, xrefs: 006AC2AF, 006AC35B, 006AC36E
log10, xrefs: 006AC215, 006AC265
0A, xrefs: 006AC241, 006AC2DB, 006AC393
exp, xrefs: 006AC290, 006AC2F2
log, xrefs: 006AC271, 006AC27D

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: DecodePointer
String ID: &j+*B$0A$acos$asin$exp$log$log10$pow$sqrt
API String ID: 3527080286-1952416337
Opcode ID: b1498f812940c7db842295f5c54563209ee7a2567a21828b34bcb296b9742395
Instruction ID: b357d7ce9e5ce8eb6c6d449c601a788c08307e782ee0f65c8484335bdf4d4de5
Opcode Fuzzy Hash: b1498f812940c7db842295f5c54563209ee7a2567a21828b34bcb296b9742395
Instruction Fuzzy Hash: 535160B0904609CBCF14EFA8D9485ECBBB2FF4A324F248199D441A7354CB768E648F69

Uniqueness

Uniqueness Score: -1.00%

Function 00401346 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 134COMMON

Download Yara Rule

APIs

Part of subcall function 00411BC8: std::_Deallocate.LIBCONCRT ref: 00411BF8

_strlen.LIBCMT ref: 0040136F
_strlen.LIBCMT ref: 004013B6
_strlen.LIBCMT ref: 004013FD
_strlen.LIBCMT ref: 00401447
_strlen.LIBCMT ref: 004014A6

Part of subcall function 0068A19C: __onexit.LIBCMT ref: 0068A1A2

Strings

B05688C2B3E6C1FD, xrefs: 00401482, 00401493, 004014AD
B67AE8584CAA73B2, xrefs: 0040135A, 00401365, 00401376
C6EF372FE94F82BE, xrefs: 004013A1, 004013AC, 004013BD
54FF53A5F1D36F1C, xrefs: 004013E8, 004013F3, 00401404
10E527FADE682D1D, xrefs: 0040142F, 0040143A, 0040144E

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: _strlen$Deallocate__onexitstd::_
String ID: 10E527FADE682D1D$54FF53A5F1D36F1C$B05688C2B3E6C1FD$B67AE8584CAA73B2$C6EF372FE94F82BE
API String ID: 2266438879-1924342159
Opcode ID: da39afb321ebb5b79a46acd6f49262403dbd32085b12eb1d6de3e4bdc9958aaa
Instruction ID: e3f6e4ed26c1171030c5f62641186f8f80774c7b3595355818da57d0c299be82
Opcode Fuzzy Hash: da39afb321ebb5b79a46acd6f49262403dbd32085b12eb1d6de3e4bdc9958aaa
Instruction Fuzzy Hash: 77518870C05298DEDF54DBA9D8417EDBBF4AF55300F2080AEE519F7282DA781E44CB65

Uniqueness

Uniqueness Score: -1.00%

Function 004149A2 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 131COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004149A7
VerSetConditionMask.KERNEL32(00000000,00000000,00000002,00000003,?,00000000,00000000), ref: 00414A2A
VerifyVersionInfoW.KERNEL32(?,00000002,00000000), ref: 00414A3B
CreateIoCompletionPort.KERNEL32(000000FF,00000000,00000000,000000FF,?,?,00000000,00000000), ref: 00414A91
GetLastError.KERNEL32(?,?,00000000,00000000), ref: 00414A9E

Part of subcall function 0041037A: __EH_prolog.LIBCMT ref: 0041037F

new.LIBCMT ref: 00414ADD
new.LIBCMT ref: 00414AF6

Strings

yFA, xrefs: 004149BE
IKA, xrefs: 004149E1
iocp, xrefs: 00414AB9

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog$CompletionConditionCreateErrorInfoLastMaskPortVerifyVersion
String ID: IKA$iocp$yFA
API String ID: 1196141489-2608038400
Opcode ID: 4986c1491a2db2f7b8d9f1aa5ba03b7600fcac1162b12af0b918ebf57e0b935a
Instruction ID: 1be28db19f12501b6fb4aff77f28c7ab733547099b558ec7f059dc77d5376b3d
Opcode Fuzzy Hash: 4986c1491a2db2f7b8d9f1aa5ba03b7600fcac1162b12af0b918ebf57e0b935a
Instruction Fuzzy Hash: EA51BCB1804384DFDB14CF69C88579EBFF4AF55310F1081AEE8489B392C3B88A44CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0042A633 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 158windowCOMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 0042A637

Part of subcall function 0068E3DE: RaiseException.KERNEL32(?,00582150,P!X,?,?,0078FB6C,?,?,?,?,?,00582150,?,00783398,?), ref: 0068E43D

__EH_prolog.LIBCMT ref: 0042A642

Part of subcall function 0044E381: __EH_prolog.LIBCMT ref: 0044E386

Part of subcall function 00461060: __EH_prolog.LIBCMT ref: 00461065

Part of subcall function 00411BC8: std::_Deallocate.LIBCONCRT ref: 00411BF8

GetLastError.KERNEL32 ref: 0042A777
GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0042A7A1

Part of subcall function 004AB703: std::_Deallocate.LIBCONCRT ref: 004AB733

Strings

Messages, xrefs: 0042A764
7nY, xrefs: 0042A780
snY, xrefs: 0042A73E
_nY, xrefs: 0042A6EC
0, xrefs: 0042A6AD

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog$Deallocatestd::_$ErrorExceptionException@8LastMessageRaiseThrow
String ID: 0$7nY$Messages$_nY$snY
API String ID: 2333877577-357471530
Opcode ID: 400b5e496e04c46f8c64405badfcbb78ac8e694ade526f618433924302001305
Instruction ID: 9da7b96ff621f32f9069ae91d5d81b3fab937ab502c573aa5ef8c35d28737e4a
Opcode Fuzzy Hash: 400b5e496e04c46f8c64405badfcbb78ac8e694ade526f618433924302001305
Instruction Fuzzy Hash: E2518EB1D0025CAEEB20DFA5DC84BEEBBBDEB44304F14406AF504A7281CBB85E058B64

Uniqueness

Uniqueness Score: -1.00%

Function 00415033 Relevance: 15.2, APIs: 10, Instructions: 236COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00415038
EnterCriticalSection.KERNEL32(?,76C865A0,?,00000000), ref: 00415061
LeaveCriticalSection.KERNEL32(?,?,00000000), ref: 004150C3
SetLastError.KERNEL32(00000000,76C865A0,?,00000000), ref: 004150D5
GetQueuedCompletionStatus.KERNEL32(?,?,?,?,?,?,00000000), ref: 004150ED
GetLastError.KERNEL32(?,00000000), ref: 004150F6
__ExceptionPtrCopy.LIBCPMT ref: 004151B2
__ExceptionPtrCopy.LIBCPMT ref: 004151C3
PostQueuedCompletionStatus.KERNEL32(?,00000000,00000000,00000000,?,00000000), ref: 00415241
GetLastError.KERNEL32(?,00000000), ref: 0041524B

Part of subcall function 00414F2A: PostQueuedCompletionStatus.KERNEL32(?,00000000,00000000,00000000), ref: 00414F51
Part of subcall function 00414F2A: GetLastError.KERNEL32 ref: 00414F5B

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: ErrorLast$CompletionQueuedStatus$CopyCriticalExceptionPostSection$EnterH_prologLeave
String ID:
API String ID: 4011970719-0
Opcode ID: 55e090ddf1c9b92d45048a01d25a9e272ec8599fe88ab40c7b02e9ae99173a20
Instruction ID: 34897399caa75640775a5bbacf9fec6c5dd6c2ccf09fc9a0a4bf3d95f6a717ac
Opcode Fuzzy Hash: 55e090ddf1c9b92d45048a01d25a9e272ec8599fe88ab40c7b02e9ae99173a20
Instruction Fuzzy Hash: 59917971D00619DFCF15DFA4C840AEEBBB5FF88310B14846AE816EB241D7789A46CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 004300A9 Relevance: 14.4, APIs: 6, Strings: 2, Instructions: 365COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 004300AD

Part of subcall function 0068E3DE: RaiseException.KERNEL32(?,00582150,P!X,?,?,0078FB6C,?,?,?,?,?,00582150,?,00783398,?), ref: 0068E43D

__EH_prolog.LIBCMT ref: 004300B8

Part of subcall function 0044DE59: __EH_prolog.LIBCMT ref: 0044DE5E
Part of subcall function 0044DE59: new.LIBCMT ref: 0044DE84
Part of subcall function 0044DE59: GetModuleHandleA.KERNEL32(?,?,?,?,00000000), ref: 0044DEEB
Part of subcall function 0044DE59: GetProcAddress.KERNEL32(?,?), ref: 0044DF6C

GetCurrentProcess.KERNEL32(00020008,?,?,?,00000000), ref: 004300EA
OpenProcessToken.ADVAPI32(00000000,?,?,00000000), ref: 004300F1
GetTokenInformation.ADVAPI32(?,00000012(TokenIntegrityLevel),?,00000004,?,?,?,00000000), ref: 00430106
Wow64DisableWow64FsRedirection.KERNEL32(00000002,?,?,00000000), ref: 00430141

Part of subcall function 00461060: __EH_prolog.LIBCMT ref: 00461065

Part of subcall function 004317E2: __EH_prolog.LIBCMT ref: 004317E7

Part of subcall function 00411BC8: std::_Deallocate.LIBCONCRT ref: 00411BF8

Part of subcall function 00461060: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,00000000,00000000,?,?,00000000), ref: 004610E6
Part of subcall function 00461060: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,?,?,00000000,00000000,?,?,00000000,00000000,?,?,00000000), ref: 0046111C

Part of subcall function 004312CA: __EH_prolog.LIBCMT ref: 004312CF

Part of subcall function 00476C03: __EH_prolog.LIBCMT ref: 00476C08

Strings

Open, xrefs: 004304C6
-wdkill, xrefs: 004301BF

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog$ByteCharMultiProcessTokenWideWow64$AddressCurrentDeallocateDisableExceptionException@8HandleInformationModuleOpenProcRaiseRedirectionThrowstd::_
String ID: -wdkill$Open
API String ID: 1268642766-108266240
Opcode ID: f2821a02c80ec9492e35222d7b195b66f57346d4ee833a9537cb1f3a97ad17d5
Instruction ID: 41ee8f846fb54aecf92d047f2ac0e9fdf6e396cd655f5395e0a14007bb8153d2
Opcode Fuzzy Hash: f2821a02c80ec9492e35222d7b195b66f57346d4ee833a9537cb1f3a97ad17d5
Instruction Fuzzy Hash: 93D14B71D04248EEDB14EBA9CD92BEDBBB4AF65304F1041DEE406A7182DB781F44CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 004282BC Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 249COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004282C1
new.LIBCMT ref: 004282DF

Part of subcall function 004A4399: __EH_prolog.LIBCMT ref: 004A439E

Part of subcall function 004B1281: __EH_prolog.LIBCMT ref: 004B1286
Part of subcall function 004B1281: std::exception::exception.LIBCONCRT ref: 004B1345
Part of subcall function 004B1281: __CxxThrowException@8.LIBVCRUNTIME ref: 004B1372

Part of subcall function 004A4514: __EH_prolog.LIBCMT ref: 004A4519
Part of subcall function 004A4514: new.LIBCMT ref: 004A4566

Part of subcall function 004A4867: __EH_prolog.LIBCMT ref: 004A486C

_strlen.LIBCMT ref: 0042845C

Part of subcall function 00460E77: __EH_prolog.LIBCMT ref: 00460E7C

Part of subcall function 00411BC8: std::_Deallocate.LIBCONCRT ref: 00411BF8

Strings

}}}, xrefs: 00428453, 00428464, 00428483, 004284B7
{"xml":{"block":{, xrefs: 00428524
allocator_, xrefs: 0042833F
}]}}, xrefs: 004284A1
{"xml":{"block":[{, xrefs: 0042850E

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog$DeallocateException@8Throw_strlenstd::_std::exception::exception
String ID: allocator_${"xml":{"block":[{${"xml":{"block":{$}]}}$}}}
API String ID: 1519558710-3049038541
Opcode ID: cf055128774f60592a3dd4f536d3d19310936a88d0613da9976bf165f9fed64f
Instruction ID: 8e74e5dbd17faedd92233c1d650ba914d98a3c2b359c8518cf7fc787aec77e35
Opcode Fuzzy Hash: cf055128774f60592a3dd4f536d3d19310936a88d0613da9976bf165f9fed64f
Instruction Fuzzy Hash: 61A1E570E01248EEEF11EBA9D942BDDBBB0AF55304F50409EE50477282EBB81B44CB96

Uniqueness

Uniqueness Score: -1.00%

Function 0054D4B0 Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 183COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0054D4B5
_strlen.LIBCMT ref: 0054D572

Part of subcall function 00526747: __EH_prolog.LIBCMT ref: 0052674C

Strings

Type name should start with a letter or _, xrefs: 0054D53A
Some of required function pointers (is_instance, release, read or write) are NULL, xrefs: 0054D68B
(, xrefs: 0054D4CD
Type name should contain only letters, digits, - and _, xrefs: 0054D611
Invalid type info, xrefs: 0054D6E5
cvRegisterType, xrefs: 0054D529, 0054D600, 0054D67A, 0054D6D4

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog$_strlen
String ID: ($Invalid type info$Some of required function pointers (is_instance, release, read or write) are NULL$Type name should contain only letters, digits, - and _$Type name should start with a letter or _$cvRegisterType
API String ID: 1490583215-3333454738
Opcode ID: eecbd44c14b362af9e7c69a67d38e8b11cd8ccedb7307556048ad87ac5ca101e
Instruction ID: 95645daa29c1e11541bb8f57286c8cbbb84a8f79c9b96ede5d7eeefff689ba99
Opcode Fuzzy Hash: eecbd44c14b362af9e7c69a67d38e8b11cd8ccedb7307556048ad87ac5ca101e
Instruction Fuzzy Hash: 62610371D01348EECB10EF94D981BEEBFB4BF54308F64415AE205A7182EB785B4ACB61

Uniqueness

Uniqueness Score: -1.00%

Function 0044E030 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 145libraryloaderCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0044E035
new.LIBCMT ref: 0044E05B
GetModuleHandleA.KERNEL32(?,?,?,?,00000000), ref: 0044E0C1
GetProcAddress.KERNEL32(?,?), ref: 0044E142
GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,00000000), ref: 0044E19C
GetProductInfo.KERNEL32(?,?,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 0044E1AE

Strings

q, xrefs: 0044E091
{, xrefs: 0044E0FE

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: Info$AddressH_prologHandleModuleProcProductSystem
String ID: q${
API String ID: 1760484215-2622329447
Opcode ID: 13f3b068f6569ef0aa7ecac21480ebf316a42d1a1c3f798a0ac8f8d158110036
Instruction ID: 2018a9e3838fd97179f42bc47fbd35d40b294c3d07c84d0fda71dc35fd26f447
Opcode Fuzzy Hash: 13f3b068f6569ef0aa7ecac21480ebf316a42d1a1c3f798a0ac8f8d158110036
Instruction Fuzzy Hash: 60513971C0474CAEEB019FA9DC81AEEFBB9FF55300F10412EE948A7212EB745A858710

Uniqueness

Uniqueness Score: -1.00%

Function 004161F3 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 102libraryloaderCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004161F8
GetModuleHandleA.KERNEL32(KERNEL32,CancelIoEx), ref: 0041622E
GetProcAddress.KERNEL32(00000000), ref: 00416235
GetLastError.KERNEL32 ref: 0041624A
EnterCriticalSection.KERNEL32(00000018,0000273D), ref: 004162C7
LeaveCriticalSection.KERNEL32(00000018,?,?,000003E3), ref: 004162F5

Strings

CancelIoEx, xrefs: 00416224
KERNEL32, xrefs: 00416229

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: CriticalSection$AddressEnterErrorH_prologHandleLastLeaveModuleProc
String ID: CancelIoEx$KERNEL32
API String ID: 3905279128-434325024
Opcode ID: 369d6c3a43dcee6edc7e1e7c4f54f33cb79032d60b7f67d996bbbdc7e2ba924e
Instruction ID: a7006d18d8acdee5e0b967cd4137457068317b79715a05f2329568f27a806d5a
Opcode Fuzzy Hash: 369d6c3a43dcee6edc7e1e7c4f54f33cb79032d60b7f67d996bbbdc7e2ba924e
Instruction Fuzzy Hash: 9D31C271A002499FDF11EFA4C8816EEB7B5FF48324F15406EE855A7241CBB899428BA4

Uniqueness

Uniqueness Score: -1.00%

Function 00432CC0 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 98libraryloaderCOMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 00432CC4

Part of subcall function 0068E3DE: RaiseException.KERNEL32(?,00582150,P!X,?,?,0078FB6C,?,?,?,?,?,00582150,?,00783398,?), ref: 0068E43D

__EH_prolog.LIBCMT ref: 00432CCF
LoadLibraryA.KERNEL32(ntdll.dll,00000000,RtlAdjustPrivilege,?,?,00000000), ref: 00432D09
GetProcAddress.KERNEL32(00000000), ref: 00432D16
GetModuleHandleA.KERNEL32(ntdll.dll,00000000,?,?,00000000), ref: 00432D84
GetProcAddress.KERNEL32(00000000), ref: 00432D8B

Strings

RtlAdjustPrivilege, xrefs: 00432CEC
ntdll.dll, xrefs: 00432D04, 00432D7F

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: AddressProc$ExceptionException@8H_prologHandleLibraryLoadModuleRaiseThrow
String ID: RtlAdjustPrivilege$ntdll.dll
API String ID: 1958860538-64178277
Opcode ID: b679daa22566008a588b228a0f399ae62337a8b9c52c85f4b772e076711b2577
Instruction ID: 181ba8571e7ca69a2902c82104256214a52e939873d4e805e75b0ad3c802b7c0
Opcode Fuzzy Hash: b679daa22566008a588b228a0f399ae62337a8b9c52c85f4b772e076711b2577
Instruction Fuzzy Hash: A631B271D0024DAEEB009FEDCC816EEFBB9EF59304F10922AE505E2162EBB419458B50

Uniqueness

Uniqueness Score: -1.00%

Function 004226AE Relevance: 14.1, APIs: 2, Strings: 6, Instructions: 52COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004226B3
__CxxThrowException@8.LIBVCRUNTIME ref: 004226D9

Strings

ios_base::badbit set, xrefs: 004226E8
%(B, xrefs: 004226FC
ios_base::failbit set, xrefs: 0042271C
-J, xrefs: 00422707
-J, xrefs: 00422742, 00422724, 004226F0
ios_base::eofbit set, xrefs: 0042273A

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: Exception@8H_prologThrow
String ID: %(B$-J$-J$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 3222999186-1624389419
Opcode ID: 321b7316f0767ef0116021abc2423ed97814d3a0d76f17a2fbc1baf0e6f94302
Instruction ID: aa09175c34796eb147eb1c34b455be395ae94e8227792fea42777a0b9671923f
Opcode Fuzzy Hash: 321b7316f0767ef0116021abc2423ed97814d3a0d76f17a2fbc1baf0e6f94302
Instruction Fuzzy Hash: 0311CEB1A40218BBDF00EB94DA56BEE7774AB40704F80415EE901BA1E2DBFD0940DB29

Uniqueness

Uniqueness Score: -1.00%

Function 004312CA Relevance: 12.6, APIs: 2, Strings: 5, Instructions: 373stringCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004312CF

Part of subcall function 00460CFB: __EH_prolog.LIBCMT ref: 00460D00

Part of subcall function 004AB703: std::_Deallocate.LIBCONCRT ref: 004AB733

Part of subcall function 004B201B: __EH_prolog.LIBCMT ref: 004B2020
Part of subcall function 004B201B: _strlen.LIBCMT ref: 004B203A

Part of subcall function 004B20A2: __EH_prolog.LIBCMT ref: 004B20A7

Part of subcall function 004B1F44: __EH_prolog.LIBCMT ref: 004B1F49

lstrlenW.KERNEL32(?), ref: 00431738

Strings

0, xrefs: 004313EC
$, xrefs: 00431400
pY, xrefs: 00431698
., xrefs: 004313F6
dpY, xrefs: 004315E2

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog$Deallocate_strlenlstrlenstd::_
String ID: pY$$$.$0$dpY
API String ID: 1102430898-161294348
Opcode ID: 2eecbb8da9c6eff507d607138e73859f36326692bb7e4c3f6d9cb3e5938524b7
Instruction ID: 2019e853b7ba3b3f6dace8cdb3938b96c2a69957cc0489f69eaab64d4fa91aeb
Opcode Fuzzy Hash: 2eecbb8da9c6eff507d607138e73859f36326692bb7e4c3f6d9cb3e5938524b7
Instruction Fuzzy Hash: 40E19E70D04248EEDF10DFA9C945BEDBBB8AF59308F1040AEF405A7192DB785E49CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 0043053B Relevance: 12.6, APIs: 5, Strings: 2, Instructions: 360sleepCOMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 0043053F

Part of subcall function 0068E3DE: RaiseException.KERNEL32(?,00582150,P!X,?,?,0078FB6C,?,?,?,?,?,00582150,?,00783398,?), ref: 0068E43D

__EH_prolog.LIBCMT ref: 0043054A

Part of subcall function 0044E030: __EH_prolog.LIBCMT ref: 0044E035
Part of subcall function 0044E030: new.LIBCMT ref: 0044E05B
Part of subcall function 0044E030: GetModuleHandleA.KERNEL32(?,?,?,?,00000000), ref: 0044E0C1
Part of subcall function 0044E030: GetProcAddress.KERNEL32(?,?), ref: 0044E142

Wow64DisableWow64FsRedirection.KERNEL32(?,?,?,00000000), ref: 0043057E
GetCurrentProcessId.KERNEL32( -uac ,00000001,00000000,00000000,?,?,?,00000000), ref: 0043060C

Part of subcall function 00461060: __EH_prolog.LIBCMT ref: 00461065

Part of subcall function 004317E2: __EH_prolog.LIBCMT ref: 004317E7

Part of subcall function 00411BC8: std::_Deallocate.LIBCONCRT ref: 00411BF8

Part of subcall function 00461060: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,00000000,00000000,?,?,00000000), ref: 004610E6
Part of subcall function 00461060: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,?,?,00000000,00000000,?,?,00000000,00000000,?,?,00000000), ref: 0046111C

Part of subcall function 004312CA: __EH_prolog.LIBCMT ref: 004312CF

Part of subcall function 00476C03: __EH_prolog.LIBCMT ref: 00476C08

Sleep.KERNEL32(000007D0,00000001,00000000), ref: 00430956

Strings

Open, xrefs: 00430934
-uac , xrefs: 004305FC

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog$ByteCharMultiWideWow64$AddressCurrentDeallocateDisableExceptionException@8HandleModuleProcProcessRaiseRedirectionSleepThrowstd::_
String ID: -uac $Open
API String ID: 579798290-1568193000
Opcode ID: 791cdff285ec6c18f8e8b8cc1e0e7f2746cf6ce6cc8c04337d7c659aa47099ed
Instruction ID: bc9629f558fbc10ef8a2d00f0175091ec6b6f7cbbdd8330f476d59a52988737c
Opcode Fuzzy Hash: 791cdff285ec6c18f8e8b8cc1e0e7f2746cf6ce6cc8c04337d7c659aa47099ed
Instruction Fuzzy Hash: 08D13C71D04288EEDB14EBA9DD51BEDBBB4AF61308F1041DEE40667182DBB41F44CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 0041A040 Relevance: 12.5, APIs: 2, Strings: 5, Instructions: 224COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 0041A044

Part of subcall function 0068E3DE: RaiseException.KERNEL32(?,00582150,P!X,?,?,0078FB6C,?,?,?,?,?,00582150,?,00783398,?), ref: 0068E43D

__EH_prolog.LIBCMT ref: 0041A04F

Part of subcall function 0047DA23: __EH_prolog.LIBCMT ref: 0047DA28
Part of subcall function 0047DA23: GetModuleHandleA.KERNEL32(?,00000000,?,?,00000000,00000000), ref: 0047DAD7
Part of subcall function 0047DA23: GetProcAddress.KERNEL32(00000000), ref: 0047DADE

Part of subcall function 00413FDC: std::_Throw_Cpp_error.LIBCPMT ref: 00413FE7

Strings

o, xrefs: 0041A0D4
Po#, xrefs: 0041A0F5
#, xrefs: 0041A0DB
I, xrefs: 0041A152
Po#, xrefs: 0041A2EA, 0041A237, 0041A23A

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog$AddressCpp_errorExceptionException@8HandleModuleProcRaiseThrowThrow_std::_
String ID: #$I$Po#$Po#$o
API String ID: 3644655947-2769149942
Opcode ID: 4f845e280cf3a657bef515b370d58f218f93662ea27b56c662e0666267f86af0
Instruction ID: 686d0957ac0dc56bfbc0da5fcef495ae2bfa271e15074c82fe43ed19b16736fb
Opcode Fuzzy Hash: 4f845e280cf3a657bef515b370d58f218f93662ea27b56c662e0666267f86af0
Instruction Fuzzy Hash: D181F671D0424CAEDB00DFE9D881BEDBBB8EF59304F20416EF515A7291EB781A84CB65

Uniqueness

Uniqueness Score: -1.00%

Function 004BB5E0 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 116COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004BB5E5
std::exception::exception.LIBCONCRT ref: 004BB6CC
__CxxThrowException@8.LIBVCRUNTIME ref: 004BB6F9
std::exception::exception.LIBCONCRT ref: 004BB720

Part of subcall function 0040F2EC: ___std_exception_copy.LIBVCRUNTIME ref: 0040F313

Strings

unexpected end of data, xrefs: 004BB71B
4s, xrefs: 004BB6F0, 004BB6F8
expected >, xrefs: 004BB6C4

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: std::exception::exception$Exception@8H_prologThrow___std_exception_copy
String ID: 4s$expected >$unexpected end of data
API String ID: 4209301069-991829502
Opcode ID: 8b1d3957207f505c324ce79e6a95fd0670fcf4cf1a6edb5b0f48bcd14e6a9081
Instruction ID: 0b2fe0a887f8a89c18e3e9c4816864780de2b68ed30e08345f6c81ac900129bf
Opcode Fuzzy Hash: 8b1d3957207f505c324ce79e6a95fd0670fcf4cf1a6edb5b0f48bcd14e6a9081
Instruction Fuzzy Hash: 6141C1709042499FDB10DF69C050AEDBFF5EF19314F24409EE495AB382C7B99E02CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 004309C5 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 110libraryloaderCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004309CA
new.LIBCMT ref: 004309F0
GetModuleHandleA.KERNEL32(?,?,?,?,00000000), ref: 00430A5B
GetProcAddress.KERNEL32(00000000,00000000), ref: 00430A79
GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,00000000), ref: 00430AC9
GetProductInfo.KERNEL32(00000001,?,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 00430ADB

Strings

RtlGetVersion, xrefs: 00430A63

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: Info$AddressH_prologHandleModuleProcProductSystem
String ID: RtlGetVersion
API String ID: 1760484215-3026520245
Opcode ID: a4ad8f4ab691a92ea1e724edc2c889b316426821bedfcb2fae30abbcb81e7894
Instruction ID: 6404758461dc82cfd43961a36794971adb8017d390324696ef4079359887610b
Opcode Fuzzy Hash: a4ad8f4ab691a92ea1e724edc2c889b316426821bedfcb2fae30abbcb81e7894
Instruction Fuzzy Hash: 9531D571D00348ABDB11EFF99C456EEBBB9FF69304F10516EE905A7202E7385E448B54

Uniqueness

Uniqueness Score: -1.00%

Function 00414512 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 66COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00414517
std::exception::exception.LIBCONCRT ref: 00414537

Part of subcall function 0040F2EC: ___std_exception_copy.LIBVCRUNTIME ref: 0040F313

Part of subcall function 0041CAA1: __EH_prolog.LIBCMT ref: 0041CAA6
Part of subcall function 0041CAA1: __CxxThrowException@8.LIBVCRUNTIME ref: 0041CAF4

EnterCriticalSection.KERNEL32(?,?,00000000,00000000,00000064,00000000,00000001), ref: 00414568
LeaveCriticalSection.KERNEL32(?,?,?,00000000,00000000,00000064,00000000), ref: 004145B0
std::exception::exception.LIBCONCRT ref: 004145D1

Strings

Invalid service owner., xrefs: 0041452F
Service already exists., xrefs: 004145C9

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: CriticalH_prologSectionstd::exception::exception$EnterException@8LeaveThrow___std_exception_copy
String ID: Invalid service owner.$Service already exists.
API String ID: 479834926-4115445021
Opcode ID: c426ae453c5316bb45af9c006bb095a1d0b55481944eb36e95d83558caf1e521
Instruction ID: 5e1c88f37677eba64b8ed75703ef542653ff074ccc6753e62f2279e524c2587a
Opcode Fuzzy Hash: c426ae453c5316bb45af9c006bb095a1d0b55481944eb36e95d83558caf1e521
Instruction Fuzzy Hash: 81219E70801208EFDB10DF94C5856DEBBF1FF14318F2085ADE445AB282C775AE49CB94

Uniqueness

Uniqueness Score: -1.00%

Function 00574E11 Relevance: 12.2, APIs: 8, Instructions: 208COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00574E16
new.LIBCMT ref: 00574E5C

Part of subcall function 00575AFF: __EH_prolog.LIBCMT ref: 00575B04
Part of subcall function 00575AFF: _strlen.LIBCMT ref: 00575B3B

new.LIBCMT ref: 00574EA6
new.LIBCMT ref: 00574EFA
new.LIBCMT ref: 00574F44
new.LIBCMT ref: 00574F93
new.LIBCMT ref: 00574FDD

Part of subcall function 00689E2F: Concurrency::cancel_current_task.LIBCPMT ref: 00689E47

Part of subcall function 005788C9: __EH_prolog.LIBCMT ref: 005788CE
Part of subcall function 005788C9: _strlen.LIBCMT ref: 005788F0

new.LIBCMT ref: 00575029

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog$_strlen$Concurrency::cancel_current_task
String ID:
API String ID: 194979272-0
Opcode ID: d348dd2e255e7a04975d9478a94b6ef38bd829f02040cb2e86af2ca7f9850373
Instruction ID: ec79fdd97f30282d325d4aa532c5880f809d8fb84260d4748b0d03db5f89a7f5
Opcode Fuzzy Hash: d348dd2e255e7a04975d9478a94b6ef38bd829f02040cb2e86af2ca7f9850373
Instruction Fuzzy Hash: 84816270D0578ADECF01EFB895556EEBFB4BF55300F14846EE104AB281DBB48A04EB65

Uniqueness

Uniqueness Score: -1.00%

Function 0043267E Relevance: 11.0, APIs: 2, Strings: 4, Instructions: 467COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 00432682

Part of subcall function 0068E3DE: RaiseException.KERNEL32(?,00582150,P!X,?,?,0078FB6C,?,?,?,?,?,00582150,?,00783398,?), ref: 0068E43D

__EH_prolog.LIBCMT ref: 0043268D

Part of subcall function 00460CFB: __EH_prolog.LIBCMT ref: 00460D00

Part of subcall function 004AB703: std::_Deallocate.LIBCONCRT ref: 004AB733

Part of subcall function 004B201B: __EH_prolog.LIBCMT ref: 004B2020
Part of subcall function 004B201B: _strlen.LIBCMT ref: 004B203A

Part of subcall function 004B20A2: __EH_prolog.LIBCMT ref: 004B20A7

Part of subcall function 004B0852: __EH_prolog.LIBCMT ref: 004B0857

Part of subcall function 00461197: __EH_prolog.LIBCMT ref: 0046119C

Part of subcall function 00460888: __EH_prolog.LIBCMT ref: 0046088D

Part of subcall function 00461197: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,?,00000000,00000000,00000000,00000000,00000008,00596E69,00000000), ref: 0046121C
Part of subcall function 00461197: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,?,?,?,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000008,00596E69), ref: 00461254

Part of subcall function 00411BC8: std::_Deallocate.LIBCONCRT ref: 00411BF8

Strings

}, xrefs: 0043299E
S, xrefs: 00432A02
dpY, xrefs: 00432870
, xrefs: 00432BB2

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog$ByteCharDeallocateMultiWidestd::_$ExceptionException@8RaiseThrow_strlen
String ID: $S$dpY$}
API String ID: 4020726430-746112674
Opcode ID: 113f429730c0ca8408f6086491309519a94404487e6433849844dfa3caa57dee
Instruction ID: 33e64cb7c2b1de9c5e2858491d9c87aa173111da7c50e413dad8460d0dce7dc2
Opcode Fuzzy Hash: 113f429730c0ca8408f6086491309519a94404487e6433849844dfa3caa57dee
Instruction Fuzzy Hash: F2129070D0529CEEDB15EBA9CD41BDEBBB8AF16304F10409EE00567192DBB81F44DBA5

Uniqueness

Uniqueness Score: -1.00%

Function 00419150 Relevance: 10.9, APIs: 3, Strings: 3, Instructions: 424networkCOMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 00419154

Part of subcall function 0068E3DE: RaiseException.KERNEL32(?,00582150,P!X,?,?,0078FB6C,?,?,?,?,?,00582150,?,00783398,?), ref: 0068E43D

__EH_prolog.LIBCMT ref: 0041915F
gethostbyname.WS2_32(?), ref: 00419194

Part of subcall function 00415489: __EH_prolog.LIBCMT ref: 0041548E
Part of subcall function 00415489: new.LIBCMT ref: 004154A0
Part of subcall function 00415489: new.LIBCMT ref: 004154DE

Part of subcall function 00416C3E: htons.WS2_32(?), ref: 00416C76
Part of subcall function 00416C3E: htonl.WS2_32(00000000), ref: 00416C8D
Part of subcall function 00416C3E: htonl.WS2_32(00000000), ref: 00416C94

Strings

^, xrefs: 004191E0
+, xrefs: 004193C0
Active, xrefs: 004195F3

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prologhtonl$ExceptionException@8RaiseThrowgethostbynamehtons
String ID: +$Active$^
API String ID: 2841390951-2913068736
Opcode ID: 1cea09d864dfcf1d859b5d15a2b567b7f6b83ba0f52e2f52873567dcb6fb4ba7
Instruction ID: 76f2b2ba441e3810c476b648d6b09e66f3cf649257ec26b1ff93bedae93abb77
Opcode Fuzzy Hash: 1cea09d864dfcf1d859b5d15a2b567b7f6b83ba0f52e2f52873567dcb6fb4ba7
Instruction Fuzzy Hash: 3C029E7280025CEEDB11DFA4DC91BEEB7B8AF15304F1041AFE509A7192EB785E88CB55

Uniqueness

Uniqueness Score: -1.00%

Function 0041A360 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 225COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 0041A364

Part of subcall function 0068E3DE: RaiseException.KERNEL32(?,00582150,P!X,?,?,0078FB6C,?,?,?,?,?,00582150,?,00783398,?), ref: 0068E43D

__EH_prolog.LIBCMT ref: 0041A36F

Part of subcall function 0041D074: __EH_prolog.LIBCMT ref: 0041D079

Part of subcall function 0047DA23: __EH_prolog.LIBCMT ref: 0047DA28
Part of subcall function 0047DA23: GetModuleHandleA.KERNEL32(?,00000000,?,?,00000000,00000000), ref: 0047DAD7
Part of subcall function 0047DA23: GetProcAddress.KERNEL32(00000000), ref: 0047DADE

Part of subcall function 00413FDC: std::_Throw_Cpp_error.LIBCPMT ref: 00413FE7

Strings

L, xrefs: 0041A3FB
`, xrefs: 0041A47D
P, xrefs: 0041A3F4
A, xrefs: 0041A3ED

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog$AddressCpp_errorExceptionException@8HandleModuleProcRaiseThrowThrow_std::_
String ID: A$L$P$`
API String ID: 3644655947-2174273020
Opcode ID: 21451930b223e966d5022d50e5b285d71bff5c51108713edce172a83df457f8b
Instruction ID: 24418ed412d0487b69b78dcf83cc3fd5e794bcf791caf4c1afd30921b42fe6ed
Opcode Fuzzy Hash: 21451930b223e966d5022d50e5b285d71bff5c51108713edce172a83df457f8b
Instruction Fuzzy Hash: EB81E371D0424CAEDB00DFA9DC81BEEBBB8EF59304F10412EF505A7292EB785A84CB55

Uniqueness

Uniqueness Score: -1.00%

Function 0042C89D Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 180COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0042C8A2

Part of subcall function 00476ADD: __EH_prolog.LIBCMT ref: 00476AE2

Part of subcall function 00461197: __EH_prolog.LIBCMT ref: 0046119C

Part of subcall function 004A954B: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 004A9578

Strings

I, xrefs: 0042C9F8
X, xrefs: 0042C90C
;, xrefs: 0042C913
B, xrefs: 0042C905
5, xrefs: 0042C9F1

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog$Ios_base_dtorstd::ios_base::_
String ID: 5$;$B$I$X
API String ID: 420165198-800781944
Opcode ID: 7ab433d744c6203554de424a4a4b51fc3a4836011f43448c544f8dd85c5f7910
Instruction ID: 71e3667e650e1c2d3238ec360d67e8f501d080642bddfb6115546527270b07ea
Opcode Fuzzy Hash: 7ab433d744c6203554de424a4a4b51fc3a4836011f43448c544f8dd85c5f7910
Instruction Fuzzy Hash: D671DFB0D05298DADB10DFA5DD81BEDBBB4AF26308F1040AEE50577282DB781F49CB64

Uniqueness

Uniqueness Score: -1.00%

Function 0042A3E7 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 170COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0042A3EC
GetWindowTextW.USER32(?,00000001), ref: 0042A45D

Part of subcall function 00461060: __EH_prolog.LIBCMT ref: 00461065

Part of subcall function 004AB703: std::_Deallocate.LIBCONCRT ref: 004AB733

Part of subcall function 00411BC8: std::_Deallocate.LIBCONCRT ref: 00411BF8

Strings

}nY, xrefs: 0042A5C6
Master: , xrefs: 0042A50B
inY, xrefs: 0042A5B2
Master: , xrefs: 0042A4AF

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: DeallocateH_prologstd::_$TextWindow
String ID: Master: $Master: $inY$}nY
API String ID: 3018432088-1176296115
Opcode ID: a8409e691ce8ff2c451ee8d5de8b0ffec303b613c9b03c010800a3761736c831
Instruction ID: c2da6db55fb7418e840aa233aea7bafd0737402a6d03c2df65e188ea527720ad
Opcode Fuzzy Hash: a8409e691ce8ff2c451ee8d5de8b0ffec303b613c9b03c010800a3761736c831
Instruction Fuzzy Hash: FA61A370904158EEDB11EFA5DC95EDEBB78EF61308F10415EF10267192EB781B48CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 006A8527 Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(00000000,?,?,?,?,?,?,?,?,006A8C9C,00000003,?,00000000,?,00000003,0000000C), ref: 006A8569
__fassign.LIBCMT ref: 006A85E4
__fassign.LIBCMT ref: 006A85FF
WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00000000,00000005,00000000,00000000), ref: 006A8625
WriteFile.KERNEL32(?,00000000,00000000,006A8C9C,00000000,?,?,?,?,?,?,?,?,?,006A8C9C,00000003), ref: 006A8644
WriteFile.KERNEL32(?,00000003,00000001,006A8C9C,00000000,?,?,?,?,?,?,?,?,?,006A8C9C,00000003), ref: 006A867D

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: FileWrite__fassign$ByteCharConsoleMultiWide
String ID:
API String ID: 1324828854-0
Opcode ID: a4fb15a280a3df87c7f1162d6d12aa4791068cc59d807f6e0048688618483a99
Instruction ID: 4af2083b363394f3ca84eaff485e078f5c9dece442a29705e769d0c756245d66
Opcode Fuzzy Hash: a4fb15a280a3df87c7f1162d6d12aa4791068cc59d807f6e0048688618483a99
Instruction Fuzzy Hash: 1051B4B09002499FDF10DFA8D885AEEBBFAEF0A300F14415AE955E7291DB70AD41CF64

Uniqueness

Uniqueness Score: -1.00%

Function 0046237A Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 118COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0046237F

Strings

&, xrefs: 00462457
<, xrefs: 00462449
', xrefs: 00462450
", xrefs: 0046245E
>, xrefs: 00462442

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog
String ID: &$'$>$<$"
API String ID: 3519838083-87953025
Opcode ID: 0d17481fadc63b184b842f39d9755eae4be313e2e97948c019425df2077dd0bf
Instruction ID: bc46da44195ae29228bd5d2a7b02967f5d602946dce344660bc559aafc266b8c
Opcode Fuzzy Hash: 0d17481fadc63b184b842f39d9755eae4be313e2e97948c019425df2077dd0bf
Instruction Fuzzy Hash: 6241E470A15614EFCB05DFA8DA856ADBBB4FF05B04F10411FE401A7251EBB89E42CB9B

Uniqueness

Uniqueness Score: -1.00%

Function 004B1281 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 91COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004B1286
std::exception::exception.LIBCONCRT ref: 004B1345
__CxxThrowException@8.LIBVCRUNTIME ref: 004B1372

Strings

expected <, xrefs: 004B133D
text, xrefs: 004B12A4
4s, xrefs: 004B1369, 004B1371

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: Exception@8H_prologThrowstd::exception::exception
String ID: 4s$expected <$text
API String ID: 1340123063-3308706680
Opcode ID: f4b596e56b0b1e3a52c4a593168d4f51ed1d5adf09de71704b99ce2e3d2e4687
Instruction ID: d9546ddd135b8cf094cca5dbe347f790c9c69720d7cdc24981f0c33ca2c0f014
Opcode Fuzzy Hash: f4b596e56b0b1e3a52c4a593168d4f51ed1d5adf09de71704b99ce2e3d2e4687
Instruction Fuzzy Hash: 7531C771D00349ABDF10CF69C450AEABBE4BF14350B44426EEC54EB791D379D901CB94

Uniqueness

Uniqueness Score: -1.00%

Function 006B3344 Relevance: 10.6, APIs: 7, Instructions: 65COMMON

Download Yara Rule

APIs

Part of subcall function 006B308B: _free.LIBCMT ref: 006B30B4

_free.LIBCMT ref: 006B3392

Part of subcall function 006A071F: RtlFreeHeap.NTDLL(00000000,00000000,?,006B30B9,?,00000000,?,00000000,?,006B335D,?,00000007,?,?,006B3746,?), ref: 006A0735
Part of subcall function 006A071F: GetLastError.KERNEL32(?,?,006B30B9,?,00000000,?,00000000,?,006B335D,?,00000007,?,?,006B3746,?,?), ref: 006A0747

_free.LIBCMT ref: 006B339D
_free.LIBCMT ref: 006B33A8
_free.LIBCMT ref: 006B33FC
_free.LIBCMT ref: 006B3407
_free.LIBCMT ref: 006B3412
_free.LIBCMT ref: 006B341D

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: f819d8ee9315130b76aef7c0222032d4a6c7d3fe797d2f4f8e954e2ed7a91756
Instruction ID: f8fa9848ae50d5837f6260adba8007ed8adb660ecc6370a83eee419dea8051ce
Opcode Fuzzy Hash: f819d8ee9315130b76aef7c0222032d4a6c7d3fe797d2f4f8e954e2ed7a91756
Instruction Fuzzy Hash: 361172B1640718E6D5A0B770CC47FCB779E5F05700F40081CB299662E3DB34BA544B55

Uniqueness

Uniqueness Score: -1.00%

Function 006900FC Relevance: 10.6, APIs: 7, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,006900F3,0068F54D,00582AB1,0000000C,00582D94,?,?,?,?,00413A42,?,?), ref: 0069010A
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00690118
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00690131
SetLastError.KERNEL32(00000000,?,006900F3,0068F54D,00582AB1,0000000C,00582D94,?,?,?,?,00413A42,?,?), ref: 00690183

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 02db73689464d0444471c03415435b1de11366a082ae9b0df417eb982edcdb78
Instruction ID: d11d2948e26b249223f5eba63a445aae939a2f14cc7691c44b8471b0f6637430
Opcode Fuzzy Hash: 02db73689464d0444471c03415435b1de11366a082ae9b0df417eb982edcdb78
Instruction Fuzzy Hash: 8401F13220D3216EBB6027B4AC86566265BDB07374730472FF610856F2EF215C015258

Uniqueness

Uniqueness Score: -1.00%

Function 00586613 Relevance: 10.6, APIs: 7, Instructions: 51COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 0058661A
std::_Lockit::_Lockit.LIBCPMT ref: 00586624

Part of subcall function 004211A8: __EH_prolog.LIBCMT ref: 004211AD
Part of subcall function 004211A8: std::_Lockit::_Lockit.LIBCPMT ref: 004211C1
Part of subcall function 004211A8: std::_Lockit::~_Lockit.LIBCPMT ref: 004211E1

std::locale::_Getfacet.LIBCPMT ref: 00586644
collate.LIBCPMT ref: 0058665E
__CxxThrowException@8.LIBVCRUNTIME ref: 0058667B
std::_Facet_Register.LIBCPMT ref: 0058669A
std::_Lockit::~_Lockit.LIBCPMT ref: 005866A3

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetH_prologH_prolog3RegisterThrowcollatestd::locale::_
String ID:
API String ID: 2345145342-0
Opcode ID: 683afa396c505158beeeeb8ace92440f3687866c2c37f2ba32805dd7e5aa8164
Instruction ID: 5e317d96a1dbf30aff8a3822c17898891257cb953877e46a45bff8bbf661fe95
Opcode Fuzzy Hash: 683afa396c505158beeeeb8ace92440f3687866c2c37f2ba32805dd7e5aa8164
Instruction Fuzzy Hash: 7E010875E0012A9BCF00FBA0C846ABD7B76BF94720F54011EF81177291DF78AE018795

Uniqueness

Uniqueness Score: -1.00%

Function 005866B0 Relevance: 10.6, APIs: 7, Instructions: 51COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 005866B7
std::_Lockit::_Lockit.LIBCPMT ref: 005866C1

Part of subcall function 004211A8: __EH_prolog.LIBCMT ref: 004211AD
Part of subcall function 004211A8: std::_Lockit::_Lockit.LIBCPMT ref: 004211C1
Part of subcall function 004211A8: std::_Lockit::~_Lockit.LIBCPMT ref: 004211E1

std::locale::_Getfacet.LIBCPMT ref: 005866E1
collate.LIBCPMT ref: 005866FB
__CxxThrowException@8.LIBVCRUNTIME ref: 00586718
std::_Facet_Register.LIBCPMT ref: 00586737
std::_Lockit::~_Lockit.LIBCPMT ref: 00586740

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetH_prologH_prolog3RegisterThrowcollatestd::locale::_
String ID:
API String ID: 2345145342-0
Opcode ID: 0acb5f08232a8573e42383827a7b808f246a0ac887cf775fa01c9283701b9942
Instruction ID: 15cd7fd3c8c26779230ddd846801634f45a8de773b305829b6d06c6bd94e21bd
Opcode Fuzzy Hash: 0acb5f08232a8573e42383827a7b808f246a0ac887cf775fa01c9283701b9942
Instruction Fuzzy Hash: 1601E536D0012997DF10FBA0C846ABD7B72BF90724F54012EE91177291DF78AA018785

Uniqueness

Uniqueness Score: -1.00%

Function 0058674D Relevance: 10.6, APIs: 7, Instructions: 51COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00586754
std::_Lockit::_Lockit.LIBCPMT ref: 0058675E

Part of subcall function 004211A8: __EH_prolog.LIBCMT ref: 004211AD
Part of subcall function 004211A8: std::_Lockit::_Lockit.LIBCPMT ref: 004211C1
Part of subcall function 004211A8: std::_Lockit::~_Lockit.LIBCPMT ref: 004211E1

std::locale::_Getfacet.LIBCPMT ref: 0058677E
ctype.LIBCPMT ref: 00586798
__CxxThrowException@8.LIBVCRUNTIME ref: 005867B5
std::_Facet_Register.LIBCPMT ref: 005867D4
std::_Lockit::~_Lockit.LIBCPMT ref: 005867DD

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetH_prologH_prolog3RegisterThrowctypestd::locale::_
String ID:
API String ID: 189735510-0
Opcode ID: d047c7202cb365e672107b8492bac120284b965a5602e7ed5ecebbe136fec144
Instruction ID: e11fefb2a72ecffb1491abc52e138d9de10666e561de059b3711717e62cc3b09
Opcode Fuzzy Hash: d047c7202cb365e672107b8492bac120284b965a5602e7ed5ecebbe136fec144
Instruction Fuzzy Hash: F401CE36D001299BDF00FBA0C846ABD7B72BF90724F14051EF81177291CF78AA028785

Uniqueness

Uniqueness Score: -1.00%

Function 005867EA Relevance: 10.6, APIs: 7, Instructions: 51COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 005867F1
std::_Lockit::_Lockit.LIBCPMT ref: 005867FB

Part of subcall function 004211A8: __EH_prolog.LIBCMT ref: 004211AD
Part of subcall function 004211A8: std::_Lockit::_Lockit.LIBCPMT ref: 004211C1
Part of subcall function 004211A8: std::_Lockit::~_Lockit.LIBCPMT ref: 004211E1

std::locale::_Getfacet.LIBCPMT ref: 0058681B
messages.LIBCPMT ref: 00586835
__CxxThrowException@8.LIBVCRUNTIME ref: 00586852
std::_Facet_Register.LIBCPMT ref: 00586871
std::_Lockit::~_Lockit.LIBCPMT ref: 0058687A

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetH_prologH_prolog3RegisterThrowmessagesstd::locale::_
String ID:
API String ID: 2194591311-0
Opcode ID: 31a66c2aef54546729fbc5e278748624d23b6838a7b294471b6e1c0ea853229f
Instruction ID: e590f0d58e44e9733ddb287f0ca2c12532de19a3ec23654ed94b8b34b71a9dd8
Opcode Fuzzy Hash: 31a66c2aef54546729fbc5e278748624d23b6838a7b294471b6e1c0ea853229f
Instruction Fuzzy Hash: 6A01E172D0012A8BCF00FBA0C846ABD7BB2BF90720F54051EE91577291CF78AE028B85

Uniqueness

Uniqueness Score: -1.00%

Function 00586887 Relevance: 10.6, APIs: 7, Instructions: 51COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 0058688E
std::_Lockit::_Lockit.LIBCPMT ref: 00586898

Part of subcall function 004211A8: __EH_prolog.LIBCMT ref: 004211AD
Part of subcall function 004211A8: std::_Lockit::_Lockit.LIBCPMT ref: 004211C1
Part of subcall function 004211A8: std::_Lockit::~_Lockit.LIBCPMT ref: 004211E1

std::locale::_Getfacet.LIBCPMT ref: 005868B8
messages.LIBCPMT ref: 005868D2
__CxxThrowException@8.LIBVCRUNTIME ref: 005868EF
std::_Facet_Register.LIBCPMT ref: 0058690E
std::_Lockit::~_Lockit.LIBCPMT ref: 00586917

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetH_prologH_prolog3RegisterThrowmessagesstd::locale::_
String ID:
API String ID: 2194591311-0
Opcode ID: d0d7d180868ba6a60cc2113eca6e935ba914a2ee46205c1a11ef25591b9f55ea
Instruction ID: 5b981ecb1315f14c0bfae78f3a02e225e8b6a0d4f3834e27cb80d651ff8356d0
Opcode Fuzzy Hash: d0d7d180868ba6a60cc2113eca6e935ba914a2ee46205c1a11ef25591b9f55ea
Instruction Fuzzy Hash: 4201E575D0012A97CF04FBA0C8465BD7B72BF94720F14011EE911772D1CF78AE028B95

Uniqueness

Uniqueness Score: -1.00%

Function 00586B98 Relevance: 10.6, APIs: 7, Instructions: 51COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00586B9F
std::_Lockit::_Lockit.LIBCPMT ref: 00586BA9

Part of subcall function 004211A8: __EH_prolog.LIBCMT ref: 004211AD
Part of subcall function 004211A8: std::_Lockit::_Lockit.LIBCPMT ref: 004211C1
Part of subcall function 004211A8: std::_Lockit::~_Lockit.LIBCPMT ref: 004211E1

std::locale::_Getfacet.LIBCPMT ref: 00586BC9
moneypunct.LIBCPMT ref: 00586BE3
__CxxThrowException@8.LIBVCRUNTIME ref: 00586C00
std::_Facet_Register.LIBCPMT ref: 00586C1F
std::_Lockit::~_Lockit.LIBCPMT ref: 00586C28

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetH_prologH_prolog3RegisterThrowmoneypunctstd::locale::_
String ID:
API String ID: 3858443405-0
Opcode ID: a431a7e3066f17ca6c6dde879a52e080e93229557c827164c6bf9d64ddbfbaef
Instruction ID: 84f716b36b8fe4b0eeb5c346d4afb5d5bdea63b8828cecab74281361ddc59401
Opcode Fuzzy Hash: a431a7e3066f17ca6c6dde879a52e080e93229557c827164c6bf9d64ddbfbaef
Instruction Fuzzy Hash: FA018232D0012A9BCF05FBA0C8466BD7B76FF84720F54451EE91177291DF78AE028B95

Uniqueness

Uniqueness Score: -1.00%

Function 00586C35 Relevance: 10.6, APIs: 7, Instructions: 51COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00586C3C
std::_Lockit::_Lockit.LIBCPMT ref: 00586C46

Part of subcall function 004211A8: __EH_prolog.LIBCMT ref: 004211AD
Part of subcall function 004211A8: std::_Lockit::_Lockit.LIBCPMT ref: 004211C1
Part of subcall function 004211A8: std::_Lockit::~_Lockit.LIBCPMT ref: 004211E1

std::locale::_Getfacet.LIBCPMT ref: 00586C66
moneypunct.LIBCPMT ref: 00586C80
__CxxThrowException@8.LIBVCRUNTIME ref: 00586C9D
std::_Facet_Register.LIBCPMT ref: 00586CBC
std::_Lockit::~_Lockit.LIBCPMT ref: 00586CC5

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetH_prologH_prolog3RegisterThrowmoneypunctstd::locale::_
String ID:
API String ID: 3858443405-0
Opcode ID: f065ec6cdf588a1e04eb21ec069a1ab8545a4c531ab3202a9d74999f1de50bb7
Instruction ID: d3ca6d3b0303df7d872e8f47537471738708f80f192dbc6f870ce2738a0ab25a
Opcode Fuzzy Hash: f065ec6cdf588a1e04eb21ec069a1ab8545a4c531ab3202a9d74999f1de50bb7
Instruction Fuzzy Hash: A601E176E0012997DF00FBA0C856ABD7B76FF84720F54011EE91177291DF78AE028785

Uniqueness

Uniqueness Score: -1.00%

Function 00586CD2 Relevance: 10.6, APIs: 7, Instructions: 51COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00586CD9
std::_Lockit::_Lockit.LIBCPMT ref: 00586CE3

Part of subcall function 004211A8: __EH_prolog.LIBCMT ref: 004211AD
Part of subcall function 004211A8: std::_Lockit::_Lockit.LIBCPMT ref: 004211C1
Part of subcall function 004211A8: std::_Lockit::~_Lockit.LIBCPMT ref: 004211E1

std::locale::_Getfacet.LIBCPMT ref: 00586D03
moneypunct.LIBCPMT ref: 00586D1D
__CxxThrowException@8.LIBVCRUNTIME ref: 00586D3A
std::_Facet_Register.LIBCPMT ref: 00586D59
std::_Lockit::~_Lockit.LIBCPMT ref: 00586D62

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetH_prologH_prolog3RegisterThrowmoneypunctstd::locale::_
String ID:
API String ID: 3858443405-0
Opcode ID: acb03900e7c652400073e6cd5399060b0ea66d0eb0d7b5cab16bad849e1c65a7
Instruction ID: 7b169e9101996b769d04c76ad6e4245447e232e0c4e9294188ed1d51b17dc7a6
Opcode Fuzzy Hash: acb03900e7c652400073e6cd5399060b0ea66d0eb0d7b5cab16bad849e1c65a7
Instruction Fuzzy Hash: D801E571E001298BCF01FBA0CC569BD7B72BF90720F54011EE8117B291DF78AA018B85

Uniqueness

Uniqueness Score: -1.00%

Function 00586D6F Relevance: 10.6, APIs: 7, Instructions: 51COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00586D76
std::_Lockit::_Lockit.LIBCPMT ref: 00586D80

Part of subcall function 004211A8: __EH_prolog.LIBCMT ref: 004211AD
Part of subcall function 004211A8: std::_Lockit::_Lockit.LIBCPMT ref: 004211C1
Part of subcall function 004211A8: std::_Lockit::~_Lockit.LIBCPMT ref: 004211E1

std::locale::_Getfacet.LIBCPMT ref: 00586DA0
moneypunct.LIBCPMT ref: 00586DBA
__CxxThrowException@8.LIBVCRUNTIME ref: 00586DD7
std::_Facet_Register.LIBCPMT ref: 00586DF6
std::_Lockit::~_Lockit.LIBCPMT ref: 00586DFF

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetH_prologH_prolog3RegisterThrowmoneypunctstd::locale::_
String ID:
API String ID: 3858443405-0
Opcode ID: 9cf5ef946ec30e25079d90c3c6a2712117edf0fffc5c669b95cd192a71f7b829
Instruction ID: e2dcb485ef0cc89e99be61f09e5582cafe4b5cc1ebd3bfdfcf518d8b622bee66
Opcode Fuzzy Hash: 9cf5ef946ec30e25079d90c3c6a2712117edf0fffc5c669b95cd192a71f7b829
Instruction Fuzzy Hash: 8201E532E0012A9BDF00FBA0D8466BD7B76BF94720F54011EE81177291CF78AE028785

Uniqueness

Uniqueness Score: -1.00%

Function 00587080 Relevance: 10.6, APIs: 7, Instructions: 51COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00587087
std::_Lockit::_Lockit.LIBCPMT ref: 00587091

Part of subcall function 004211A8: __EH_prolog.LIBCMT ref: 004211AD
Part of subcall function 004211A8: std::_Lockit::_Lockit.LIBCPMT ref: 004211C1
Part of subcall function 004211A8: std::_Lockit::~_Lockit.LIBCPMT ref: 004211E1

std::locale::_Getfacet.LIBCPMT ref: 005870B1
numpunct.LIBCPMT ref: 005870CB
__CxxThrowException@8.LIBVCRUNTIME ref: 005870E8
std::_Facet_Register.LIBCPMT ref: 00587107
std::_Lockit::~_Lockit.LIBCPMT ref: 00587110

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetH_prologH_prolog3RegisterThrownumpunctstd::locale::_
String ID:
API String ID: 639073845-0
Opcode ID: 6096f5c05e7e849b781bd7e7e4d1d9f3805acc74fb4ffe7450b9d0411b96f4f8
Instruction ID: bc20c7c6c020120fc78f8b37736ad502b5a0e4a9b75e94a0075530af322d9527
Opcode Fuzzy Hash: 6096f5c05e7e849b781bd7e7e4d1d9f3805acc74fb4ffe7450b9d0411b96f4f8
Instruction Fuzzy Hash: D7018E36D0412A97CF05FBA0C84AABD7B76BF94720F64051AE8117B291DF78EA01CB95

Uniqueness

Uniqueness Score: -1.00%

Function 0058711D Relevance: 10.6, APIs: 7, Instructions: 51COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00587124
std::_Lockit::_Lockit.LIBCPMT ref: 0058712E

Part of subcall function 004211A8: __EH_prolog.LIBCMT ref: 004211AD
Part of subcall function 004211A8: std::_Lockit::_Lockit.LIBCPMT ref: 004211C1
Part of subcall function 004211A8: std::_Lockit::~_Lockit.LIBCPMT ref: 004211E1

std::locale::_Getfacet.LIBCPMT ref: 0058714E
numpunct.LIBCPMT ref: 00587168
__CxxThrowException@8.LIBVCRUNTIME ref: 00587185
std::_Facet_Register.LIBCPMT ref: 005871A4
std::_Lockit::~_Lockit.LIBCPMT ref: 005871AD

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetH_prologH_prolog3RegisterThrownumpunctstd::locale::_
String ID:
API String ID: 639073845-0
Opcode ID: e944d833c6a2d5a942ceeafe776d823eee5e5144d6c68859dd4be15709c9bd9e
Instruction ID: 2dfbe0e2e5fa92e00c970f04d2ce521629e8d9b26fb6f897ac3351582d966bc7
Opcode Fuzzy Hash: e944d833c6a2d5a942ceeafe776d823eee5e5144d6c68859dd4be15709c9bd9e
Instruction Fuzzy Hash: 1201CE36E001299BCF00FBA0C84AABD7B76BFA4720F64011AE811772D1DF78AA019795

Uniqueness

Uniqueness Score: -1.00%

Function 004106A7 Relevance: 10.5, APIs: 1, Strings: 5, Instructions: 41COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004106AC

Strings

End of file, xrefs: 004106D7
Element not found, xrefs: 004106E3
asio.misc error, xrefs: 004106F6
The descriptor does not fit into the select call's fd_set, xrefs: 004106EF
Already open, xrefs: 004106C6

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog
String ID: Already open$Element not found$End of file$The descriptor does not fit into the select call's fd_set$asio.misc error
API String ID: 3519838083-1489422305
Opcode ID: 0e974919303888db856ae624f66fddceb7bc6d713ec0c067eb07c25d7527eddb
Instruction ID: d67ba4f39ddab518590b04328f340580a13f1bfa5124be1068f38476ce4b5b78
Opcode Fuzzy Hash: 0e974919303888db856ae624f66fddceb7bc6d713ec0c067eb07c25d7527eddb
Instruction Fuzzy Hash: 3DF0A471A44128A78B20DF55A8518EFBB65FBD5760F10440BF945D2240C6F849E1878B

Uniqueness

Uniqueness Score: -1.00%

Function 006A486D Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 38libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,006A4862,00000003,?,006A4802,00000003,00787658,0000000C,006A4915,00000003,00000002), ref: 006A488D
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 006A48A0
FreeLibrary.KERNEL32(00000000,?,?,?,006A4862,00000003,?,006A4802,00000003,00787658,0000000C,006A4915,00000003,00000002,00000000), ref: 006A48C3

Strings

CorExitProcess, xrefs: 006A4898
0A, xrefs: 006A48B1
mscoree.dll, xrefs: 006A4886

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: 0A$CorExitProcess$mscoree.dll
API String ID: 4061214504-242658392
Opcode ID: 9df3df2a0e177dc7cd2e605b1649d3258fc5b3d1bd9aa78d63051723fbfae371
Instruction ID: 50e48b579043fcda82c136a0126160869b8aca19eaf4220f6d071175e2de8cb7
Opcode Fuzzy Hash: 9df3df2a0e177dc7cd2e605b1649d3258fc5b3d1bd9aa78d63051723fbfae371
Instruction Fuzzy Hash: DAF03170A00259ABEB11AB94DC49BDDBFB6EB44751F004168E805A6290DFB89E80CB95

Uniqueness

Uniqueness Score: -1.00%

Function 004251D0 Relevance: 9.2, APIs: 6, Instructions: 235COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004251D5
EnterCriticalSection.KERNEL32(?), ref: 004251EC
LeaveCriticalSection.KERNEL32(?), ref: 00425335
EnterCriticalSection.KERNEL32(?), ref: 0042539A
EnterCriticalSection.KERNEL32(?), ref: 004253CB
LeaveCriticalSection.KERNEL32(?), ref: 00425459

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: CriticalSection$Enter$Leave$H_prolog
String ID:
API String ID: 3611688910-0
Opcode ID: 9a75d3944daacedd1612f391adb11c25558a3478b56561f4861fd6577db82494
Instruction ID: be82eaf52be362a2a189a403c00c2ea7786056c823c26ae5aef6727efd013585
Opcode Fuzzy Hash: 9a75d3944daacedd1612f391adb11c25558a3478b56561f4861fd6577db82494
Instruction Fuzzy Hash: 0691EC71A00A15DFCB20DFA8D484BAEB7B5FF98310F50455EE89AA7241DB34A905CF64

Uniqueness

Uniqueness Score: -1.00%

Function 004354B1 Relevance: 9.2, APIs: 2, Strings: 3, Instructions: 408COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 004354B5

Part of subcall function 0068E3DE: RaiseException.KERNEL32(?,00582150,P!X,?,?,0078FB6C,?,?,?,?,?,00582150,?,00783398,?), ref: 0068E43D

__EH_prolog.LIBCMT ref: 004354C0

Part of subcall function 00476ADD: __EH_prolog.LIBCMT ref: 00476AE2

Part of subcall function 004B0769: __EH_prolog.LIBCMT ref: 004B076E

Part of subcall function 004AB703: std::_Deallocate.LIBCONCRT ref: 004AB733

Part of subcall function 00411BC8: std::_Deallocate.LIBCONCRT ref: 00411BF8

Part of subcall function 0044E82C: __EH_prolog.LIBCMT ref: 0044E831

Strings

l, xrefs: 004354F4
1.38, xrefs: 004355CE, 004357CA
), xrefs: 00435962

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog$Deallocatestd::_$ExceptionException@8RaiseThrow
String ID: )$1.38$l
API String ID: 1125004306-1949618500
Opcode ID: fe10530605e0fe42725c671ea38f7ed34cbff42a59f4ec96bc5b9941d7ffa79b
Instruction ID: dba261fe0062bf89d8650e79bf07336141051845fe5bab8e8fe89a5f1e21508d
Opcode Fuzzy Hash: fe10530605e0fe42725c671ea38f7ed34cbff42a59f4ec96bc5b9941d7ffa79b
Instruction Fuzzy Hash: 1FF1F871C0528CEADB10EBA9DD45BDDBBB89F66308F2040EEE04567192EB741F44CB65

Uniqueness

Uniqueness Score: -1.00%

Function 00436C06 Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 377COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 00436C0A

Part of subcall function 0068E3DE: RaiseException.KERNEL32(?,00582150,P!X,?,?,0078FB6C,?,?,?,?,?,00582150,?,00783398,?), ref: 0068E43D

__EH_prolog.LIBCMT ref: 00436C15

Part of subcall function 00411BC8: std::_Deallocate.LIBCONCRT ref: 00411BF8

Part of subcall function 0044E82C: __EH_prolog.LIBCMT ref: 0044E831

Part of subcall function 004D2AB3: __EH_prolog.LIBCMT ref: 004D2AB8

Strings

1.38, xrefs: 00436CD9, 00436EA1
_, xrefs: 00436C95
&, xrefs: 00437057

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog$DeallocateExceptionException@8RaiseThrowstd::_
String ID: &$1.38$_
API String ID: 3026593090-314876670
Opcode ID: e09106c08e21e75b184b01da6eca95a1b64b732683cb92e487bc23e682999e58
Instruction ID: 9aa80d079675541da15c3140e1ac0f82289acfbc554f7e60ef93281b904c0eaf
Opcode Fuzzy Hash: e09106c08e21e75b184b01da6eca95a1b64b732683cb92e487bc23e682999e58
Instruction Fuzzy Hash: A2E10671C0528CE9DB11EBA8DD45BEDBBB4AF66308F1041EEE04567182EA741F88CB65

Uniqueness

Uniqueness Score: -1.00%

Function 00438240 Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 375COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 00438244

Part of subcall function 0068E3DE: RaiseException.KERNEL32(?,00582150,P!X,?,?,0078FB6C,?,?,?,?,?,00582150,?,00783398,?), ref: 0068E43D

__EH_prolog.LIBCMT ref: 0043824F

Part of subcall function 00411BC8: std::_Deallocate.LIBCONCRT ref: 00411BF8

Part of subcall function 0044E82C: __EH_prolog.LIBCMT ref: 0044E831

Part of subcall function 004D2AB3: __EH_prolog.LIBCMT ref: 004D2AB8

Strings

v, xrefs: 004382CF
1.38, xrefs: 00438313, 004384DB
&, xrefs: 00438691

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog$DeallocateExceptionException@8RaiseThrowstd::_
String ID: &$1.38$v
API String ID: 3026593090-1349925522
Opcode ID: 511eeba0e771c8a041208774176eb99eb196e3b86e3b10de7801d62182a1edb9
Instruction ID: 1f5cb23f1696570e12f9c8a59af54159a068e5083953ff1ade9c3c51970046d4
Opcode Fuzzy Hash: 511eeba0e771c8a041208774176eb99eb196e3b86e3b10de7801d62182a1edb9
Instruction Fuzzy Hash: 20E11771C0428CE9DB11EBA8DD45BEDBBB8AF66308F1040DEE04567192EE781F88C765

Uniqueness

Uniqueness Score: -1.00%

Function 004B138C Relevance: 9.1, APIs: 1, Strings: 4, Instructions: 337COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004B1391

Strings

IsObject(), xrefs: 004B160F, 004B162E
GetType() == kNumberType, xrefs: 004B13EE
m->name.IsString(), xrefs: 004B1659
IsArray(), xrefs: 004B1551, 004B1573

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog
String ID: GetType() == kNumberType$IsArray()$IsObject()$m->name.IsString()
API String ID: 3519838083-2893571818
Opcode ID: bb1620fed73518d74523bada9baee671c1284c108569a62fb72e0ca95a1f504a
Instruction ID: 060b823309b1ad59683174ad3ea1d653af472b11ad11056d46f369940099a37b
Opcode Fuzzy Hash: bb1620fed73518d74523bada9baee671c1284c108569a62fb72e0ca95a1f504a
Instruction Fuzzy Hash: 0FB1F671600600ABDB14AF25C8A2BEA7B95AF42354F14401EF54A9F3D2DF7D9D01C7B9

Uniqueness

Uniqueness Score: -1.00%

Function 00418CBA Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 319networkCOMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 00418CBE

Part of subcall function 0068E3DE: RaiseException.KERNEL32(?,00582150,P!X,?,?,0078FB6C,?,?,?,?,?,00582150,?,00783398,?), ref: 0068E43D

__EH_prolog.LIBCMT ref: 00418CC9
gethostbyname.WS2_32(?), ref: 00418CFD
_strlen.LIBCMT ref: 00418E12

Part of subcall function 0041CF6B: __EH_prolog.LIBCMT ref: 0041CF70

Part of subcall function 0041CECB: __Thrd_sleep.LIBCPMT ref: 0041CF5E

Part of subcall function 0041CECB: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041CF30

Part of subcall function 004161F3: __EH_prolog.LIBCMT ref: 004161F8

Strings

$, xrefs: 00418D46

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog$ExceptionException@8RaiseThrd_sleepThrowUnothrow_t@std@@@__ehfuncinfo$??2@_strlengethostbyname
String ID: $
API String ID: 3595494107-3993045852
Opcode ID: c0ad4428dfc8bc6fc3f4618fe617a3049029279d9557b9f8e5128b3d1a1e3038
Instruction ID: 9fa8e1347a3b5d6a324549be710af1b370aea4fd853bc4809eec5a16e8616f21
Opcode Fuzzy Hash: c0ad4428dfc8bc6fc3f4618fe617a3049029279d9557b9f8e5128b3d1a1e3038
Instruction Fuzzy Hash: 29D1707180425CEEDF15DBA4DC85BEEB7B8BF14304F1041AFE109A6192EB746B88CB65

Uniqueness

Uniqueness Score: -1.00%

Function 004B297E Relevance: 9.1, APIs: 6, Instructions: 56COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004B2983
std::_Lockit::_Lockit.LIBCPMT ref: 004B2992

Part of subcall function 004211A8: __EH_prolog.LIBCMT ref: 004211AD
Part of subcall function 004211A8: std::_Lockit::_Lockit.LIBCPMT ref: 004211C1
Part of subcall function 004211A8: std::_Lockit::~_Lockit.LIBCPMT ref: 004211E1

std::locale::_Getfacet.LIBCPMT ref: 004B29B2
__CxxThrowException@8.LIBVCRUNTIME ref: 004B29E9
std::_Facet_Register.LIBCPMT ref: 004B29FF
std::_Lockit::~_Lockit.LIBCPMT ref: 004B2A0C

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$H_prologLockit::_Lockit::~_$Exception@8Facet_GetfacetRegisterThrowstd::locale::_
String ID:
API String ID: 1252875284-0
Opcode ID: 202a26346cecd9aefb5768aadbd2006732c1901e8ba45af2b5a955188053243c
Instruction ID: f7ca5fcf15a29ee73de0f63c4ec1933b637445bf0b6068ffe5ed26652d83c923
Opcode Fuzzy Hash: 202a26346cecd9aefb5768aadbd2006732c1901e8ba45af2b5a955188053243c
Instruction Fuzzy Hash: 8811A772E0052997CB14FBA4D905AEE7775FF84720F10026EF815B7291DF789A01C7A4

Uniqueness

Uniqueness Score: -1.00%

Function 004B2A23 Relevance: 9.1, APIs: 6, Instructions: 56COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004B2A28
std::_Lockit::_Lockit.LIBCPMT ref: 004B2A37

Part of subcall function 004211A8: __EH_prolog.LIBCMT ref: 004211AD
Part of subcall function 004211A8: std::_Lockit::_Lockit.LIBCPMT ref: 004211C1
Part of subcall function 004211A8: std::_Lockit::~_Lockit.LIBCPMT ref: 004211E1

std::locale::_Getfacet.LIBCPMT ref: 004B2A57
__CxxThrowException@8.LIBVCRUNTIME ref: 004B2A8E
std::_Facet_Register.LIBCPMT ref: 004B2AA4
std::_Lockit::~_Lockit.LIBCPMT ref: 004B2AB1

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$H_prologLockit::_Lockit::~_$Exception@8Facet_GetfacetRegisterThrowstd::locale::_
String ID:
API String ID: 1252875284-0
Opcode ID: 51c68c6e5f0bdad96a5cd2fde2d68645632b674c3427c94835c50d3f68f9f0a4
Instruction ID: c8886ba17a3d5485cd5e1aa7785e1a44f9bf67971395e215b002f34403b44444
Opcode Fuzzy Hash: 51c68c6e5f0bdad96a5cd2fde2d68645632b674c3427c94835c50d3f68f9f0a4
Instruction Fuzzy Hash: 01110A72E005299BCB20FBA4D905AEE7775FF94720F50022EF811B7291DB789E0187A4

Uniqueness

Uniqueness Score: -1.00%

Function 004B2AC8 Relevance: 9.1, APIs: 6, Instructions: 56COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004B2ACD
std::_Lockit::_Lockit.LIBCPMT ref: 004B2ADC

Part of subcall function 004211A8: __EH_prolog.LIBCMT ref: 004211AD
Part of subcall function 004211A8: std::_Lockit::_Lockit.LIBCPMT ref: 004211C1
Part of subcall function 004211A8: std::_Lockit::~_Lockit.LIBCPMT ref: 004211E1

std::locale::_Getfacet.LIBCPMT ref: 004B2AFC
__CxxThrowException@8.LIBVCRUNTIME ref: 004B2B33
std::_Facet_Register.LIBCPMT ref: 004B2B49
std::_Lockit::~_Lockit.LIBCPMT ref: 004B2B56

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$H_prologLockit::_Lockit::~_$Exception@8Facet_GetfacetRegisterThrowstd::locale::_
String ID:
API String ID: 1252875284-0
Opcode ID: 65ce447762173529b6536825b45d556c6ad68a1dfdabc986c51eb9bf05b57350
Instruction ID: 1391fae416d80c1b39bd808fabaa72711b772ef6f3f2cacb19c242c4ba372aee
Opcode Fuzzy Hash: 65ce447762173529b6536825b45d556c6ad68a1dfdabc986c51eb9bf05b57350
Instruction Fuzzy Hash: 1511C432E045299BCB14FFA4D9059EEBB75EF84720F10065EF81567291DF789A0187A4

Uniqueness

Uniqueness Score: -1.00%

Function 004B2B6D Relevance: 9.1, APIs: 6, Instructions: 56COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004B2B72
std::_Lockit::_Lockit.LIBCPMT ref: 004B2B81

Part of subcall function 004211A8: __EH_prolog.LIBCMT ref: 004211AD
Part of subcall function 004211A8: std::_Lockit::_Lockit.LIBCPMT ref: 004211C1
Part of subcall function 004211A8: std::_Lockit::~_Lockit.LIBCPMT ref: 004211E1

std::locale::_Getfacet.LIBCPMT ref: 004B2BA1
__CxxThrowException@8.LIBVCRUNTIME ref: 004B2BD8
std::_Facet_Register.LIBCPMT ref: 004B2BEE
std::_Lockit::~_Lockit.LIBCPMT ref: 004B2BFB

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$H_prologLockit::_Lockit::~_$Exception@8Facet_GetfacetRegisterThrowstd::locale::_
String ID:
API String ID: 1252875284-0
Opcode ID: eff65316c8d1bddb7be57a432636777433a33a1dae658c0c6c577b745bd00f5d
Instruction ID: 0ffda2dfe26c43bc4056b07ad5696aae978b47293d48c948269ed516ba1da668
Opcode Fuzzy Hash: eff65316c8d1bddb7be57a432636777433a33a1dae658c0c6c577b745bd00f5d
Instruction Fuzzy Hash: A411C172E045299BCB18FFA4C905AEE7B75FF84720F10026EF811A7291DF789A01C7A4

Uniqueness

Uniqueness Score: -1.00%

Function 004B2C12 Relevance: 9.1, APIs: 6, Instructions: 56COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004B2C17
std::_Lockit::_Lockit.LIBCPMT ref: 004B2C26

Part of subcall function 004211A8: __EH_prolog.LIBCMT ref: 004211AD
Part of subcall function 004211A8: std::_Lockit::_Lockit.LIBCPMT ref: 004211C1
Part of subcall function 004211A8: std::_Lockit::~_Lockit.LIBCPMT ref: 004211E1

std::locale::_Getfacet.LIBCPMT ref: 004B2C46
__CxxThrowException@8.LIBVCRUNTIME ref: 004B2C7D
std::_Facet_Register.LIBCPMT ref: 004B2C93
std::_Lockit::~_Lockit.LIBCPMT ref: 004B2CA0

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$H_prologLockit::_Lockit::~_$Exception@8Facet_GetfacetRegisterThrowstd::locale::_
String ID:
API String ID: 1252875284-0
Opcode ID: 56a66ee146ac4cbdd3be01a2bfd2a2dd40d2f6ea9210b31f2c1411a636807fd7
Instruction ID: 2dcc7b35d4edc1ae001f1dfcbc206a6e3d61c6b6d06d438f9a0bd2069ddf3514
Opcode Fuzzy Hash: 56a66ee146ac4cbdd3be01a2bfd2a2dd40d2f6ea9210b31f2c1411a636807fd7
Instruction Fuzzy Hash: 4011E772D005299BCB10FFA4D905AEE7B75FF84720F50021EF815B7291DB789A0187E4

Uniqueness

Uniqueness Score: -1.00%

Function 004B2E78 Relevance: 9.1, APIs: 6, Instructions: 56COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004B2E7D
std::_Lockit::_Lockit.LIBCPMT ref: 004B2E8C

Part of subcall function 004211A8: __EH_prolog.LIBCMT ref: 004211AD
Part of subcall function 004211A8: std::_Lockit::_Lockit.LIBCPMT ref: 004211C1
Part of subcall function 004211A8: std::_Lockit::~_Lockit.LIBCPMT ref: 004211E1

std::locale::_Getfacet.LIBCPMT ref: 004B2EAC
__CxxThrowException@8.LIBVCRUNTIME ref: 004B2EE3
std::_Facet_Register.LIBCPMT ref: 004B2EF9
std::_Lockit::~_Lockit.LIBCPMT ref: 004B2F06

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$H_prologLockit::_Lockit::~_$Exception@8Facet_GetfacetRegisterThrowstd::locale::_
String ID:
API String ID: 1252875284-0
Opcode ID: e9f1efcb30548e9e56ec2ab87a8486d8545c1c2fe74b22e49fea07ea815be4a4
Instruction ID: afdd4069f02c412dbe3d57c8cccc2ad05612a5f581e3fcd064c8c3d27ab09a31
Opcode Fuzzy Hash: e9f1efcb30548e9e56ec2ab87a8486d8545c1c2fe74b22e49fea07ea815be4a4
Instruction Fuzzy Hash: E911A332E006299BCB14FBA5C905AEEBB75FF84720F14461EF815772D1DB789A018BA4

Uniqueness

Uniqueness Score: -1.00%

Function 00586576 Relevance: 9.1, APIs: 6, Instructions: 51COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 0058657D
std::_Lockit::_Lockit.LIBCPMT ref: 00586587

Part of subcall function 004211A8: __EH_prolog.LIBCMT ref: 004211AD
Part of subcall function 004211A8: std::_Lockit::_Lockit.LIBCPMT ref: 004211C1
Part of subcall function 004211A8: std::_Lockit::~_Lockit.LIBCPMT ref: 004211E1

std::locale::_Getfacet.LIBCPMT ref: 005865A7
__CxxThrowException@8.LIBVCRUNTIME ref: 005865DE
std::_Facet_Register.LIBCPMT ref: 005865FD
std::_Lockit::~_Lockit.LIBCPMT ref: 00586606

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetH_prologH_prolog3RegisterThrowstd::locale::_
String ID:
API String ID: 2465509477-0
Opcode ID: 728bac705d2dbfbe79f6e58030f12c29b71d89cdc6424652ec309150d387ddab
Instruction ID: b1d9a8a20fde25a5080b252a2a8d5375113aa7026780cc94b7247eb34f0af1f4
Opcode Fuzzy Hash: 728bac705d2dbfbe79f6e58030f12c29b71d89cdc6424652ec309150d387ddab
Instruction Fuzzy Hash: E501CE32D0012A9BDF00FBA0C856ABD7B72BF84720F54011AE81177291DF78AA028796

Uniqueness

Uniqueness Score: -1.00%

Function 00586924 Relevance: 9.1, APIs: 6, Instructions: 51COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 0058692B
std::_Lockit::_Lockit.LIBCPMT ref: 00586935

Part of subcall function 004211A8: __EH_prolog.LIBCMT ref: 004211AD
Part of subcall function 004211A8: std::_Lockit::_Lockit.LIBCPMT ref: 004211C1
Part of subcall function 004211A8: std::_Lockit::~_Lockit.LIBCPMT ref: 004211E1

std::locale::_Getfacet.LIBCPMT ref: 00586955
__CxxThrowException@8.LIBVCRUNTIME ref: 0058698C
std::_Facet_Register.LIBCPMT ref: 005869AB
std::_Lockit::~_Lockit.LIBCPMT ref: 005869B4

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetH_prologH_prolog3RegisterThrowstd::locale::_
String ID:
API String ID: 2465509477-0
Opcode ID: c540214dbd9fd79dfc83ffccc5696e7092c841e996cdecf1f91a713145f39ea9
Instruction ID: 888cae3a08cb71bc11ca5a5ba79301200541db8d5ea92d9fc258bc731e18622d
Opcode Fuzzy Hash: c540214dbd9fd79dfc83ffccc5696e7092c841e996cdecf1f91a713145f39ea9
Instruction Fuzzy Hash: 0C01E132D001298BCF01FBA0CC46ABD7B72BF80720F54051EE9117B2D1DF78AA028795

Uniqueness

Uniqueness Score: -1.00%

Function 005869C1 Relevance: 9.1, APIs: 6, Instructions: 51COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 005869C8
std::_Lockit::_Lockit.LIBCPMT ref: 005869D2

Part of subcall function 004211A8: __EH_prolog.LIBCMT ref: 004211AD
Part of subcall function 004211A8: std::_Lockit::_Lockit.LIBCPMT ref: 004211C1
Part of subcall function 004211A8: std::_Lockit::~_Lockit.LIBCPMT ref: 004211E1

std::locale::_Getfacet.LIBCPMT ref: 005869F2
__CxxThrowException@8.LIBVCRUNTIME ref: 00586A29
std::_Facet_Register.LIBCPMT ref: 00586A48
std::_Lockit::~_Lockit.LIBCPMT ref: 00586A51

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetH_prologH_prolog3RegisterThrowstd::locale::_
String ID:
API String ID: 2465509477-0
Opcode ID: e415e55a5d8efd876f87e92c500efcb556197f03e0ebf5557ea5fc5ef338edb2
Instruction ID: ddebc9e008ff21db6ecf431c3f9dd0193040618675104334071ab59956850f81
Opcode Fuzzy Hash: e415e55a5d8efd876f87e92c500efcb556197f03e0ebf5557ea5fc5ef338edb2
Instruction Fuzzy Hash: 1C01CE32D0012A9BCF05FBA0DC46ABD7B76BF94720F54411AE8117B291DF78AA018785

Uniqueness

Uniqueness Score: -1.00%

Function 00586A5E Relevance: 9.1, APIs: 6, Instructions: 51COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00586A65
std::_Lockit::_Lockit.LIBCPMT ref: 00586A6F

Part of subcall function 004211A8: __EH_prolog.LIBCMT ref: 004211AD
Part of subcall function 004211A8: std::_Lockit::_Lockit.LIBCPMT ref: 004211C1
Part of subcall function 004211A8: std::_Lockit::~_Lockit.LIBCPMT ref: 004211E1

std::locale::_Getfacet.LIBCPMT ref: 00586A8F
__CxxThrowException@8.LIBVCRUNTIME ref: 00586AC6
std::_Facet_Register.LIBCPMT ref: 00586AE5
std::_Lockit::~_Lockit.LIBCPMT ref: 00586AEE

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetH_prologH_prolog3RegisterThrowstd::locale::_
String ID:
API String ID: 2465509477-0
Opcode ID: 6bf8fae17d1c55b3f8095170f8c441afd9e57401c1fd8f899d30954374e1038b
Instruction ID: dc492d7c1f575ad321867507ed50d752874cd23006525941ac5387cd1d2b70e4
Opcode Fuzzy Hash: 6bf8fae17d1c55b3f8095170f8c441afd9e57401c1fd8f899d30954374e1038b
Instruction Fuzzy Hash: 1F01E132E0012A87CF04FBA0C84AABD7B76BF84720F54811EE81177291DF78EE028785

Uniqueness

Uniqueness Score: -1.00%

Function 00586AFB Relevance: 9.1, APIs: 6, Instructions: 51COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00586B02
std::_Lockit::_Lockit.LIBCPMT ref: 00586B0C

Part of subcall function 004211A8: __EH_prolog.LIBCMT ref: 004211AD
Part of subcall function 004211A8: std::_Lockit::_Lockit.LIBCPMT ref: 004211C1
Part of subcall function 004211A8: std::_Lockit::~_Lockit.LIBCPMT ref: 004211E1

std::locale::_Getfacet.LIBCPMT ref: 00586B2C
__CxxThrowException@8.LIBVCRUNTIME ref: 00586B63
std::_Facet_Register.LIBCPMT ref: 00586B82
std::_Lockit::~_Lockit.LIBCPMT ref: 00586B8B

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetH_prologH_prolog3RegisterThrowstd::locale::_
String ID:
API String ID: 2465509477-0
Opcode ID: 49cecdee1888ff5400594f79c7491ccf6bce1ad4eee74dd977a1469709a5cab3
Instruction ID: 1b3b7bcabb26220a1d94978600dd4a2176515027811550b14c2acc6d44849b9a
Opcode Fuzzy Hash: 49cecdee1888ff5400594f79c7491ccf6bce1ad4eee74dd977a1469709a5cab3
Instruction Fuzzy Hash: B201E132E0012A8BCF00FBA0D846ABD7B76BF90725F54051EF8117B291DF78AE028795

Uniqueness

Uniqueness Score: -1.00%

Function 00586E0C Relevance: 9.1, APIs: 6, Instructions: 51COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00586E13
std::_Lockit::_Lockit.LIBCPMT ref: 00586E1D

Part of subcall function 004211A8: __EH_prolog.LIBCMT ref: 004211AD
Part of subcall function 004211A8: std::_Lockit::_Lockit.LIBCPMT ref: 004211C1
Part of subcall function 004211A8: std::_Lockit::~_Lockit.LIBCPMT ref: 004211E1

std::locale::_Getfacet.LIBCPMT ref: 00586E3D
__CxxThrowException@8.LIBVCRUNTIME ref: 00586E74
std::_Facet_Register.LIBCPMT ref: 00586E93
std::_Lockit::~_Lockit.LIBCPMT ref: 00586E9C

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetH_prologH_prolog3RegisterThrowstd::locale::_
String ID:
API String ID: 2465509477-0
Opcode ID: a0745f80e65ae47ed21d8f54d65da73e1bc9d5e7202c31e1bd7239126e4643fa
Instruction ID: 78f031dcd81d295256e0ad33f2ac7f59cc44e543bd457230b3793aba3787fe51
Opcode Fuzzy Hash: a0745f80e65ae47ed21d8f54d65da73e1bc9d5e7202c31e1bd7239126e4643fa
Instruction Fuzzy Hash: E501A575D0012987CF15FBA0C8469BE7B76BF94720F54011EF8117B2D1DF78AA018B95

Uniqueness

Uniqueness Score: -1.00%

Function 00586EA9 Relevance: 9.1, APIs: 6, Instructions: 51COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00586EB0
std::_Lockit::_Lockit.LIBCPMT ref: 00586EBA

Part of subcall function 004211A8: __EH_prolog.LIBCMT ref: 004211AD
Part of subcall function 004211A8: std::_Lockit::_Lockit.LIBCPMT ref: 004211C1
Part of subcall function 004211A8: std::_Lockit::~_Lockit.LIBCPMT ref: 004211E1

std::locale::_Getfacet.LIBCPMT ref: 00586EDA
__CxxThrowException@8.LIBVCRUNTIME ref: 00586F11
std::_Facet_Register.LIBCPMT ref: 00586F30
std::_Lockit::~_Lockit.LIBCPMT ref: 00586F39

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetH_prologH_prolog3RegisterThrowstd::locale::_
String ID:
API String ID: 2465509477-0
Opcode ID: b590dd5a95d5c7176f4f4bebd7065758ae2287e4ec53d536990459d5111684b0
Instruction ID: 36bdd8f9b3c6d3a715d4fecd9f9c2dd12b19e362289941a1946ed2d3c47ad54d
Opcode Fuzzy Hash: b590dd5a95d5c7176f4f4bebd7065758ae2287e4ec53d536990459d5111684b0
Instruction Fuzzy Hash: 4001CE76D0012A97CF11FBA0D846ABDBB76BF90720F54011EE91177291CF78EA028B85

Uniqueness

Uniqueness Score: -1.00%

Function 00586F46 Relevance: 9.1, APIs: 6, Instructions: 51COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00586F4D
std::_Lockit::_Lockit.LIBCPMT ref: 00586F57

Part of subcall function 004211A8: __EH_prolog.LIBCMT ref: 004211AD
Part of subcall function 004211A8: std::_Lockit::_Lockit.LIBCPMT ref: 004211C1
Part of subcall function 004211A8: std::_Lockit::~_Lockit.LIBCPMT ref: 004211E1

std::locale::_Getfacet.LIBCPMT ref: 00586F77
__CxxThrowException@8.LIBVCRUNTIME ref: 00586FAE
std::_Facet_Register.LIBCPMT ref: 00586FCD
std::_Lockit::~_Lockit.LIBCPMT ref: 00586FD6

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetH_prologH_prolog3RegisterThrowstd::locale::_
String ID:
API String ID: 2465509477-0
Opcode ID: 42bc062a20b49ef2b1c4ee798b7d79fe8e9c2541235d5a572d39628af47594b5
Instruction ID: 70afa757b7d331fb800549c0ed43ed25e5934ca25c36f6009688b21e6d67ed3b
Opcode Fuzzy Hash: 42bc062a20b49ef2b1c4ee798b7d79fe8e9c2541235d5a572d39628af47594b5
Instruction Fuzzy Hash: D201E132D0012A8BCF04FBA0D846ABD7B72BF90720F54051EF9117B291CF78EA028B85

Uniqueness

Uniqueness Score: -1.00%

Function 00586FE3 Relevance: 9.1, APIs: 6, Instructions: 51COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00586FEA
std::_Lockit::_Lockit.LIBCPMT ref: 00586FF4

Part of subcall function 004211A8: __EH_prolog.LIBCMT ref: 004211AD
Part of subcall function 004211A8: std::_Lockit::_Lockit.LIBCPMT ref: 004211C1
Part of subcall function 004211A8: std::_Lockit::~_Lockit.LIBCPMT ref: 004211E1

std::locale::_Getfacet.LIBCPMT ref: 00587014
__CxxThrowException@8.LIBVCRUNTIME ref: 0058704B
std::_Facet_Register.LIBCPMT ref: 0058706A
std::_Lockit::~_Lockit.LIBCPMT ref: 00587073

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetH_prologH_prolog3RegisterThrowstd::locale::_
String ID:
API String ID: 2465509477-0
Opcode ID: 76c01c41dd5076078d920ec235810dd89ba84fe90f6d9e76ab5c1201b3b6a86b
Instruction ID: 3da7bb0c2564773db8884a1d960073aa8a6c50b0925113ed65e372681be063ff
Opcode Fuzzy Hash: 76c01c41dd5076078d920ec235810dd89ba84fe90f6d9e76ab5c1201b3b6a86b
Instruction Fuzzy Hash: E901E176D00129C7CF01FBA0C84AABD7B76BF94720F64011EE91177291DF78EA028B95

Uniqueness

Uniqueness Score: -1.00%

Function 005871BA Relevance: 9.1, APIs: 6, Instructions: 51COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 005871C1
std::_Lockit::_Lockit.LIBCPMT ref: 005871CB

Part of subcall function 004211A8: __EH_prolog.LIBCMT ref: 004211AD
Part of subcall function 004211A8: std::_Lockit::_Lockit.LIBCPMT ref: 004211C1
Part of subcall function 004211A8: std::_Lockit::~_Lockit.LIBCPMT ref: 004211E1

std::locale::_Getfacet.LIBCPMT ref: 005871EB
__CxxThrowException@8.LIBVCRUNTIME ref: 00587222
std::_Facet_Register.LIBCPMT ref: 00587241
std::_Lockit::~_Lockit.LIBCPMT ref: 0058724A

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetH_prologH_prolog3RegisterThrowstd::locale::_
String ID:
API String ID: 2465509477-0
Opcode ID: 387cc7aec688d462a92743a8f6240c499c95f90d55785faf0e26c8bd3269279b
Instruction ID: 53baad933a1a9d78d5ebf71a7db44f88538b6f9be4b6698cc70fe2232b2cdb36
Opcode Fuzzy Hash: 387cc7aec688d462a92743a8f6240c499c95f90d55785faf0e26c8bd3269279b
Instruction Fuzzy Hash: FE01CE36D0412A87CF05FBA0C846ABD7B76BF84720F64051EF82277291DF78EA018795

Uniqueness

Uniqueness Score: -1.00%

Function 00587257 Relevance: 9.1, APIs: 6, Instructions: 51COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 0058725E
std::_Lockit::_Lockit.LIBCPMT ref: 00587268

Part of subcall function 004211A8: __EH_prolog.LIBCMT ref: 004211AD
Part of subcall function 004211A8: std::_Lockit::_Lockit.LIBCPMT ref: 004211C1
Part of subcall function 004211A8: std::_Lockit::~_Lockit.LIBCPMT ref: 004211E1

std::locale::_Getfacet.LIBCPMT ref: 00587288
__CxxThrowException@8.LIBVCRUNTIME ref: 005872BF
std::_Facet_Register.LIBCPMT ref: 005872DE
std::_Lockit::~_Lockit.LIBCPMT ref: 005872E7

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetH_prologH_prolog3RegisterThrowstd::locale::_
String ID:
API String ID: 2465509477-0
Opcode ID: 035a0d2cb02ef3ccdf8db43625f66f48ba025dba11e6e261f966438d970f4d87
Instruction ID: a0ca83432d0efc3d82ab6b7b034826c60db9aabab451f799da73c8dfd84624ce
Opcode Fuzzy Hash: 035a0d2cb02ef3ccdf8db43625f66f48ba025dba11e6e261f966438d970f4d87
Instruction Fuzzy Hash: 97018E76E0012997CF05FBA0C846ABD7B76BF94720F64051EF812772D1DF78AA028795

Uniqueness

Uniqueness Score: -1.00%

Function 005872F4 Relevance: 9.1, APIs: 6, Instructions: 51COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 005872FB
std::_Lockit::_Lockit.LIBCPMT ref: 00587305

Part of subcall function 004211A8: __EH_prolog.LIBCMT ref: 004211AD
Part of subcall function 004211A8: std::_Lockit::_Lockit.LIBCPMT ref: 004211C1
Part of subcall function 004211A8: std::_Lockit::~_Lockit.LIBCPMT ref: 004211E1

std::locale::_Getfacet.LIBCPMT ref: 00587325
__CxxThrowException@8.LIBVCRUNTIME ref: 0058735C
std::_Facet_Register.LIBCPMT ref: 0058737B
std::_Lockit::~_Lockit.LIBCPMT ref: 00587384

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetH_prologH_prolog3RegisterThrowstd::locale::_
String ID:
API String ID: 2465509477-0
Opcode ID: fe02b0ba852a703a0f06ee0030525541247e9800abe2f3dd819f1a379f7983e9
Instruction ID: 58ef56f43cc110a2dac502ad5072be58545a32b69611c838da8830e03516e16f
Opcode Fuzzy Hash: fe02b0ba852a703a0f06ee0030525541247e9800abe2f3dd819f1a379f7983e9
Instruction Fuzzy Hash: C401C272D001298BCF01FBA0C8869BD7B76BF84720F64051EEC1177291DF78EA029796

Uniqueness

Uniqueness Score: -1.00%

Function 00587391 Relevance: 9.1, APIs: 6, Instructions: 51COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00587398
std::_Lockit::_Lockit.LIBCPMT ref: 005873A2

Part of subcall function 004211A8: __EH_prolog.LIBCMT ref: 004211AD
Part of subcall function 004211A8: std::_Lockit::_Lockit.LIBCPMT ref: 004211C1
Part of subcall function 004211A8: std::_Lockit::~_Lockit.LIBCPMT ref: 004211E1

std::locale::_Getfacet.LIBCPMT ref: 005873C2
__CxxThrowException@8.LIBVCRUNTIME ref: 005873F9
std::_Facet_Register.LIBCPMT ref: 00587418
std::_Lockit::~_Lockit.LIBCPMT ref: 00587421

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetH_prologH_prolog3RegisterThrowstd::locale::_
String ID:
API String ID: 2465509477-0
Opcode ID: 87f3023760e3cfc150e56195f20c611a203aeff010baed38f69fcacd59f6b086
Instruction ID: d4706e0bdf85535e86c2997f0a725fb0a053402166482df61c576a159a05b070
Opcode Fuzzy Hash: 87f3023760e3cfc150e56195f20c611a203aeff010baed38f69fcacd59f6b086
Instruction Fuzzy Hash: BB01CE36D0012987CF00FBA0C846ABD7B72BF94720F64051EF811772A1DF78AA028796

Uniqueness

Uniqueness Score: -1.00%

Function 004249FD Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 251COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00424A02

Part of subcall function 00415A23: WSASocketW.WS2_32(?,?,?,00000000,00000000,00000001), ref: 00415A36

htonl.WS2_32(7F000001), ref: 00424A9C
htonl.WS2_32(00000000), ref: 00424AF3
htonl.WS2_32(7F000001), ref: 00424AFF

Part of subcall function 0041037A: __EH_prolog.LIBCMT ref: 0041037F

Strings

socket_select_interrupter, xrefs: 00424A42, 00424ABE, 00424AE4, 00424B15, 00424B45, 00424B6A, 00424BD0, 00424C02, 00424C54

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: htonl$H_prolog$Socket
String ID: socket_select_interrupter
API String ID: 2867122483-3103927870
Opcode ID: 476b33215517f07283fd2b45fc133062e9e59ec46a9959e9109e143c4796841b
Instruction ID: c75956f0ae3c90dcd665b204e711d45a461bd46a798bdc887665810f99917610
Opcode Fuzzy Hash: 476b33215517f07283fd2b45fc133062e9e59ec46a9959e9109e143c4796841b
Instruction Fuzzy Hash: 8191E871E01108ABDB14DBA4E842BEEB7B9EF84324F60422BF521A72C1DB785F45C794

Uniqueness

Uniqueness Score: -1.00%

Function 0041A684 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 221COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 0041A688

Part of subcall function 0068E3DE: RaiseException.KERNEL32(?,00582150,P!X,?,?,0078FB6C,?,?,?,?,?,00582150,?,00783398,?), ref: 0068E43D

__EH_prolog.LIBCMT ref: 0041A693

Part of subcall function 0047DA23: __EH_prolog.LIBCMT ref: 0047DA28
Part of subcall function 0047DA23: GetModuleHandleA.KERNEL32(?,00000000,?,?,00000000,00000000), ref: 0047DAD7
Part of subcall function 0047DA23: GetProcAddress.KERNEL32(00000000), ref: 0047DADE

Part of subcall function 00413FDC: std::_Throw_Cpp_error.LIBCPMT ref: 00413FE7

Strings

~, xrefs: 0041A718
u, xrefs: 0041A792
5, xrefs: 0041A71F

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog$AddressCpp_errorExceptionException@8HandleModuleProcRaiseThrowThrow_std::_
String ID: 5$u$~
API String ID: 3644655947-2497507236
Opcode ID: 2e20ac243c5e41d472c0d486c311622b054e3069dbec997de60e45dc2e5ccd2f
Instruction ID: c6e0f3e7d2fd5dbe3bcb36ba580f339431f1455650e05b2d2ab67a5bd05c9d7b
Opcode Fuzzy Hash: 2e20ac243c5e41d472c0d486c311622b054e3069dbec997de60e45dc2e5ccd2f
Instruction Fuzzy Hash: 8081D671D0424CEEDB00EFE9D881BEDBBB8EF55304F20412EE515A7191EB785A84CB65

Uniqueness

Uniqueness Score: -1.00%

Function 0043691F Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 214COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 00436923

Part of subcall function 0068E3DE: RaiseException.KERNEL32(?,00582150,P!X,?,?,0078FB6C,?,?,?,?,?,00582150,?,00783398,?), ref: 0068E43D

__EH_prolog.LIBCMT ref: 0043692E

Part of subcall function 00460981: __EH_prolog.LIBCMT ref: 00460986

Part of subcall function 00411BC8: std::_Deallocate.LIBCONCRT ref: 00411BF8

Part of subcall function 004350CF: __EH_prolog.LIBCMT ref: 004350D4
Part of subcall function 004350CF: new.LIBCMT ref: 0043511A

Part of subcall function 004AB703: std::_Deallocate.LIBCONCRT ref: 004AB733

Part of subcall function 00411B0E: std::_Deallocate.LIBCONCRT ref: 00411B20

Strings

1.38, xrefs: 00436A5D
d, xrefs: 00436A10
unknown, xrefs: 004369A2

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: DeallocateH_prologstd::_$ExceptionException@8RaiseThrow
String ID: 1.38$d$unknown
API String ID: 3768170552-1437315834
Opcode ID: 1e17f2a58c6cf6216fbb7830a8c410540dc51f30c6a96e7d70682d0a518b9a90
Instruction ID: 4b5ae59505a5be7f1b8f18294c6627526a78df8af475de61f54828c0ffec9e14
Opcode Fuzzy Hash: 1e17f2a58c6cf6216fbb7830a8c410540dc51f30c6a96e7d70682d0a518b9a90
Instruction Fuzzy Hash: 6181F771D0428CEADB10EBA9DD427DDBFB4AF25308F1080AEE54567192DB741F88CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 005273DB Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 185COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 005273E0

Strings

s >= 0, xrefs: 00527582
0 <= _dims && _dims <= CV_MAX_DIM, xrefs: 00527601
cv::setSize, xrefs: 00527512, 00527571, 005275F0
The total matrix size does not fit to "size_t" type, xrefs: 00527523

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog
String ID: 0 <= _dims && _dims <= CV_MAX_DIM$The total matrix size does not fit to "size_t" type$cv::setSize$s >= 0
API String ID: 3519838083-1770251609
Opcode ID: 1e82fa99286308494e339b38f434e1c5cfdae780e91d060493535c91ab20ebd7
Instruction ID: 4e7a3f975187a7e94f4a0d792aa5d11b4b89b091d2d827e6e5719dbbace165a3
Opcode Fuzzy Hash: 1e82fa99286308494e339b38f434e1c5cfdae780e91d060493535c91ab20ebd7
Instruction Fuzzy Hash: 7F71E2B1A0461DDFDB24DFA4D881AEDBFB1BF49304F14816EE10A972D1EB74AA04CB50

Uniqueness

Uniqueness Score: -1.00%

Function 005CC780 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 183COMMON

Download Yara Rule

APIs

SetEvent.KERNEL32(?,2D5DBC68), ref: 005CC817

Part of subcall function 00410C7D: __EH_prolog.LIBCMT ref: 00410C82
Part of subcall function 00410C7D: CreateEventA.KERNEL32(00000000,?,?,00000000), ref: 00410C94

CloseHandle.KERNEL32(00000000), ref: 005CC80C
CloseHandle.KERNEL32(?,2D5DBC68), ref: 005CC860
CloseHandle.KERNEL32(?), ref: 005CC99E

Strings

>_B, xrefs: 005CC7AD

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: CloseHandle$Event$CreateH_prolog
String ID: >_B
API String ID: 2825413587-1950707887
Opcode ID: 2e717286908963d8656ae84d804c817d48896b9b0c130644de106978dacdcdc0
Instruction ID: 458aee22616a25a07981d7de558b9808a53f95f8ae8f4babb211df472a5a5754
Opcode Fuzzy Hash: 2e717286908963d8656ae84d804c817d48896b9b0c130644de106978dacdcdc0
Instruction Fuzzy Hash: 7951BFB1A002058FDF14EFA4C984B6ABFA9FF44314F14456DE82ADB282DB35ED41CA55

Uniqueness

Uniqueness Score: -1.00%

Function 00412CE4 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 136COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00412CE9

Part of subcall function 0040F39B: __EH_prolog.LIBCMT ref: 0040F3A0

Part of subcall function 0041308A: __EH_prolog.LIBCMT ref: 0041308F

Part of subcall function 0041046F: __EH_prolog.LIBCMT ref: 00410474

new.LIBCMT ref: 00412DCD

Part of subcall function 00412F5C: __EH_prolog.LIBCMT ref: 00412F61

Strings

class boost::exception_ptr __cdecl boost::exception_detail::get_static_exception_object<struct boost::exception_detail::bad_exception_>(void), xrefs: 00412DA3
a0A, xrefs: 00412D65
5A, xrefs: 00412D76

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog
String ID: a0A$class boost::exception_ptr __cdecl boost::exception_detail::get_static_exception_object<struct boost::exception_detail::bad_exception_>(void)$5A
API String ID: 3519838083-280365165
Opcode ID: d389a73c461d148e593af25c107148117d942d5b7ebe5992093653c0ce9fe4e4
Instruction ID: 87e0541cf2904c335b22cf6d6275a1c02b6df84ccc2e5eca1df84b1b5e94cea1
Opcode Fuzzy Hash: d389a73c461d148e593af25c107148117d942d5b7ebe5992093653c0ce9fe4e4
Instruction Fuzzy Hash: 4E5175B0D04288DFDB00DF98D9846EDBFB6AF55308F14806EE404EB241D7B89A49CB94

Uniqueness

Uniqueness Score: -1.00%

Function 00695013 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 133COMMON

Download Yara Rule

Strings

tdA, xrefs: 00695015

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID:
String ID: tdA
API String ID: 0-2901657147
Opcode ID: c6e9f190fb23edd07fa84333adef7a853451afe721767e536ff5a6b36f26999d
Instruction ID: 5eac8436f541adff5e16d85cf94dd1f9aa58db9647923bcfe447eda4d50430eb
Opcode Fuzzy Hash: c6e9f190fb23edd07fa84333adef7a853451afe721767e536ff5a6b36f26999d
Instruction Fuzzy Hash: 54410E71A00704BFDB259F78CC41B9ABBFEEB48710F10452EF152DBA81D675994187D4

Uniqueness

Uniqueness Score: -1.00%

Function 004B5137 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 132COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004B513C
std::exception::exception.LIBCONCRT ref: 004B527C
__CxxThrowException@8.LIBVCRUNTIME ref: 004B52AA

Part of subcall function 004B7B20: __EH_prolog.LIBCMT ref: 004B7B25
Part of subcall function 004B7B20: std::exception::exception.LIBCONCRT ref: 004B7B74
Part of subcall function 004B7B20: __CxxThrowException@8.LIBVCRUNTIME ref: 004B7BA2
Part of subcall function 004B7B20: std::exception::exception.LIBCONCRT ref: 004B7BD8

Strings

unexpected end of data, xrefs: 004B5272
4s, xrefs: 004B52A1, 004B52A9

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: std::exception::exception$Exception@8H_prologThrow
String ID: 4s$unexpected end of data
API String ID: 1448338827-2591715117
Opcode ID: eb46157da4a711b7671613d0298472427b39623e1ddf097056b9aed906c66bde
Instruction ID: a5bd9f356628c17dcac3fb439ed74d8d2602c6299a8efbe9bec23ffae0727124
Opcode Fuzzy Hash: eb46157da4a711b7671613d0298472427b39623e1ddf097056b9aed906c66bde
Instruction Fuzzy Hash: D14193B0C0968559EB298B6C80447E6FFA66F16314F4883DBD1D44A243C37C99CB8F6D

Uniqueness

Uniqueness Score: -1.00%

Function 0042CC20 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 112COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 0042CC24

Part of subcall function 0068E3DE: RaiseException.KERNEL32(?,00582150,P!X,?,?,0078FB6C,?,?,?,?,?,00582150,?,00783398,?), ref: 0068E43D

__EH_prolog.LIBCMT ref: 0042CC2F

Part of subcall function 00476ADD: __EH_prolog.LIBCMT ref: 00476AE2

Part of subcall function 00461197: __EH_prolog.LIBCMT ref: 0046119C

Strings

n, xrefs: 0042CC8E
+, xrefs: 0042CC9C
y, xrefs: 0042CC95

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog$ExceptionException@8RaiseThrow
String ID: +$n$y
API String ID: 1193697898-3306889077
Opcode ID: 4850e2b9128ee2efb52ca4193c269e93b515dccdd766e8c8e9ce416194d495e3
Instruction ID: f7e8215d45fa6a78abee873fe4d6ab9a41dfb2205752a1cf28a35e60d1cd1578
Opcode Fuzzy Hash: 4850e2b9128ee2efb52ca4193c269e93b515dccdd766e8c8e9ce416194d495e3
Instruction Fuzzy Hash: 9D411470D04288DEDB10DFA5D9857EDBBB4AF55308F1080AEE109B7282DBB81F49CB65

Uniqueness

Uniqueness Score: -1.00%

Function 00526C8E Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 106COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00526C93
_strlen.LIBCMT ref: 00526CBC
_strlen.LIBCMT ref: 00526CC9

Strings

module != 0 && module->name != 0 && module->version != 0, xrefs: 00526D76
cvRegisterModule, xrefs: 00526D65

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: _strlen$H_prolog
String ID: cvRegisterModule$module != 0 && module->name != 0 && module->version != 0
API String ID: 1011152186-743800567
Opcode ID: e1a8f3d6a4e82fb2512811c3975d2da35bcaee969578eaa46d3e862e12932cdb
Instruction ID: 1c216b274c29c07072239776dbc70d41aa8b3040de0a75e9c3b73208a9111316
Opcode Fuzzy Hash: e1a8f3d6a4e82fb2512811c3975d2da35bcaee969578eaa46d3e862e12932cdb
Instruction Fuzzy Hash: BD31E0B2A002189BEB19DBA4DC51BEEBBB5EF45304F10852AF502D66A2DB749948CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00422B9B Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 98COMMON

Download Yara Rule

APIs

Part of subcall function 00582111: __CxxThrowException@8.LIBVCRUNTIME ref: 0058212B

Part of subcall function 00582151: __CxxThrowException@8.LIBVCRUNTIME ref: 0058216B

__EH_prolog.LIBCMT ref: 00422C56

Part of subcall function 004B041D: __EH_prolog.LIBCMT ref: 004B0422

Strings

stoull argument out of range, xrefs: 00422C46
invalid stoull argument, xrefs: 00422C3C
invalid stoll argument, xrefs: 00422BE1
stoll argument out of range, xrefs: 00422BEB

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: Exception@8H_prologThrow
String ID: invalid stoll argument$invalid stoull argument$stoll argument out of range$stoull argument out of range
API String ID: 3222999186-1946835417
Opcode ID: ccb6d40b597528f8010f630c3a5fe01da19375f0980106ba19eb153fbf8ae837
Instruction ID: fe06e94a4b8c7fc3fce178cda7316d0877a1ce9cf2d97226f3a7738e49367a7f
Opcode Fuzzy Hash: ccb6d40b597528f8010f630c3a5fe01da19375f0980106ba19eb153fbf8ae837
Instruction Fuzzy Hash: 5721D772B10218BFEB14AA94DD47AAEB7ADEF81321F10016AF90453602DBF56D00C7B5

Uniqueness

Uniqueness Score: -1.00%

Function 00526972 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 85COMMON

Download Yara Rule

APIs

__swprintf.LEGACY_STDIO_DEFINITIONS ref: 00526A0F
__CxxThrowException@8.LIBVCRUNTIME ref: 00526A67

Strings

OpenCV Error: %s (%s) in %s, file %s, line %d, xrefs: 00526A09
%s, xrefs: 00526A1E
unknown function, xrefs: 005269E1, 00526A00

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: Exception@8Throw__swprintf
String ID: %s$OpenCV Error: %s (%s) in %s, file %s, line %d$unknown function
API String ID: 2877379683-3808662302
Opcode ID: f0bf1f0858aa9d57627bb78dcaa79b95fe79175b50f9a71919c5454ad5ba66d1
Instruction ID: 3b8d40520611cb171773fca5a058683afeea0e28cbdaed5988659c37b117de5a
Opcode Fuzzy Hash: f0bf1f0858aa9d57627bb78dcaa79b95fe79175b50f9a71919c5454ad5ba66d1
Instruction Fuzzy Hash: 3431AF70500611DFEB18DB64E909E667BAAFF86300F50096CE142875E2DBB1F9C0CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 00414F8F Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 85COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 00414FA1

Strings

)@A, xrefs: 0041415C

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: Value
String ID: )@A
API String ID: 3702945584-964663934
Opcode ID: f31d188394a58046fcd61eff6e3b51ac5bb85199b8a6c03775566fc7413cb432
Instruction ID: 3f9ac80ab9e63e5c189cd3529ccbf7650f272e568715f3399f6b8bfdb81578f8
Opcode Fuzzy Hash: f31d188394a58046fcd61eff6e3b51ac5bb85199b8a6c03775566fc7413cb432
Instruction Fuzzy Hash: 8731B4B2D01209DFDB14EFA8C9499DEBFF8FF41310F10826AE815A7291D3349E458B95

Uniqueness

Uniqueness Score: -1.00%

Function 004B4A1D Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 67COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004B4A22
__Getcvt.LIBCPMT ref: 004B4A40
std::_Locinfo::_Getcvt.LIBCPMT ref: 004B4A70

Strings

false, xrefs: 004B4A87
true, xrefs: 004B4A99

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: Getcvt$H_prologLocinfo::_std::_
String ID: false$true
API String ID: 312723928-2658103896
Opcode ID: 06ac028dd23ed2cc637c0f04b08e6e6cdaeaca24eb427d601aaf97b6d71e5260
Instruction ID: 98a047b2ec92a666e2e095e22c023d93f1b6ca525b1dc81a2246c472c5db7a08
Opcode Fuzzy Hash: 06ac028dd23ed2cc637c0f04b08e6e6cdaeaca24eb427d601aaf97b6d71e5260
Instruction Fuzzy Hash: E8218EB1804744AECB21DFA5C4419AEBBF8EF85310F10855FE45597612C7789A05CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 004130E6 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 62COMMON

Download Yara Rule

APIs

Part of subcall function 00412F5C: __EH_prolog.LIBCMT ref: 00412F61

__CxxThrowException@8.LIBVCRUNTIME ref: 00413103

Part of subcall function 0068E3DE: RaiseException.KERNEL32(?,00582150,P!X,?,?,0078FB6C,?,?,?,?,?,00582150,?,00783398,?), ref: 0068E43D

__EH_prolog.LIBCMT ref: 0041310E
new.LIBCMT ref: 0041311F

Part of subcall function 0041308A: __EH_prolog.LIBCMT ref: 0041308F

Part of subcall function 0041046F: __EH_prolog.LIBCMT ref: 00410474

Strings

a0A, xrefs: 0041315C
5A, xrefs: 0041316E

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog$ExceptionException@8RaiseThrow
String ID: a0A$5A
API String ID: 1193697898-3613670376
Opcode ID: 0453ab6e11982f829910caa79824c4668a638d97d96eae85b71ff3758c7a650f
Instruction ID: 5228e2c018721e28874958e8575dc73d0ed4b1a8756d38538d9b1c8856c80e62
Opcode Fuzzy Hash: 0453ab6e11982f829910caa79824c4668a638d97d96eae85b71ff3758c7a650f
Instruction Fuzzy Hash: 9421F3B1A00209EFC704DFA8C449A9DBBF9FF48318F10425EE5149B682D7B5E945CB94

Uniqueness

Uniqueness Score: -1.00%

Function 00414B9F Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 56COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(?,?,?,?,?,006BAFEF,000000FF,?,00414B54), ref: 00414C08
CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,006BAFEF,000000FF,?,00414B54), ref: 00414C21
CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,006BAFEF,000000FF,?,00414B54), ref: 00414C3C

Part of subcall function 00414F2A: PostQueuedCompletionStatus.KERNEL32(?,00000000,00000000,00000000), ref: 00414F51
Part of subcall function 00414F2A: GetLastError.KERNEL32 ref: 00414F5B

Part of subcall function 004146D0: WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF), ref: 004146EE
Part of subcall function 004146D0: CloseHandle.KERNEL32(?), ref: 004146F7
Part of subcall function 004146D0: TerminateThread.KERNEL32(?,00000000), ref: 00414711

Part of subcall function 0041B25A: CloseHandle.KERNEL32(?,?,00000000,?,00414B30,00000000,00000000,00000000,?,?,00000000,00000000), ref: 0041B26A

Strings

yFA, xrefs: 00414C45
IKA, xrefs: 00414BBF

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: CloseHandle$CompletionCriticalDeleteErrorLastMultipleObjectsPostQueuedSectionStatusTerminateThreadWait
String ID: IKA$yFA
API String ID: 1875059124-2675676849
Opcode ID: 385b1d9adf83e12845914198d8f8e7a0cb604735594edb2dc88d8fb92c501079
Instruction ID: 87ecea2992fb7e7ac7017cbf84a817d9d6a6f21c01299ea272fee8c8fe13b94b
Opcode Fuzzy Hash: 385b1d9adf83e12845914198d8f8e7a0cb604735594edb2dc88d8fb92c501079
Instruction Fuzzy Hash: CD21C031400784EBD721EF65CA057DEBBF5EF40714F14455EE08257A91CBB82A88CB96

Uniqueness

Uniqueness Score: -1.00%

Function 00410A77 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 32COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00410A7C

Strings

unspecified system error, xrefs: 00410AB0
asio.ssl.stream error, xrefs: 00410A9D
stream truncated, xrefs: 00410AB7
unexpected result, xrefs: 00410AA9

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog
String ID: asio.ssl.stream error$stream truncated$unexpected result$unspecified system error
API String ID: 3519838083-2829376187
Opcode ID: dbb5516d7c3d89220cb4e4ca4bcf79310b10f97cd92497cff856f96e53a8ec9a
Instruction ID: 65e10c3dc9cb61e760b7f4d5ad23a2a917327bd022f706b357d93f4a6e5b9524
Opcode Fuzzy Hash: dbb5516d7c3d89220cb4e4ca4bcf79310b10f97cd92497cff856f96e53a8ec9a
Instruction Fuzzy Hash: F0F030B1A84325EB8714DF9CE5459E97BA4BF55780F00420BB84992681C6FE89C0879A

Uniqueness

Uniqueness Score: -1.00%

Function 0069CD82 Relevance: 7.7, APIs: 5, Instructions: 222COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8a423657d6bb5382cc7bc649591f87164532835b2354604c8317a08be089027
Instruction ID: 24ba474dbbdd3b28a4a5c7296d2cea6c369e8b687720244efb5db8b9d57c0838
Opcode Fuzzy Hash: a8a423657d6bb5382cc7bc649591f87164532835b2354604c8317a08be089027
Instruction Fuzzy Hash: FA71AF319002569BDF218F59C884AFFBB7FEF55370F24422AE811A7A81DB718D46C7A0

Uniqueness

Uniqueness Score: -1.00%

Function 005CD190 Relevance: 7.6, APIs: 5, Instructions: 118COMMON

Download Yara Rule

APIs

Part of subcall function 005CCF80: CloseHandle.KERNEL32(00000000,2D5DBC68), ref: 005CCFDA
Part of subcall function 005CCF80: WaitForSingleObjectEx.KERNEL32(?,000000FF,00000000,?,?,?,?,?,?,005CCF59,2D5DBC68), ref: 005CCFF5

ReleaseSemaphore.KERNEL32(?,000000FF,00000000,2D5DBC68,?,?,?,?,00000000,006DC152,000000FF,?,005CD34F,2D5DBC68,?), ref: 005CD216
ReleaseSemaphore.KERNEL32(?,?,00000000,?,?,00000000,006DC152,000000FF,?,005CD34F,2D5DBC68,?), ref: 005CD23E
CloseHandle.KERNEL32(?,2D5DBC68,?), ref: 005CD286
CloseHandle.KERNEL32(00000000,?,?,2D5DBC68,?), ref: 005CD2D9
SetEvent.KERNEL32(?), ref: 005CD2E0

Part of subcall function 00410CD6: CloseHandle.KERNEL32(00000000), ref: 00410CFA

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: CloseHandle$ReleaseSemaphore$EventObjectSingleWait
String ID:
API String ID: 4166353394-0
Opcode ID: 60a81e64972fc3c5596f69fe96608fcf8635a61ed737797c15b586011bca7ab0
Instruction ID: ff90909f970adabf3b9b36100020f746d6f59d66c93a268ebd824719c57fa00f
Opcode Fuzzy Hash: 60a81e64972fc3c5596f69fe96608fcf8635a61ed737797c15b586011bca7ab0
Instruction Fuzzy Hash: FD41DA75A002059FEB258F98DC84F2ABBB9FB45321F1446BDEC18DB292D634DC41CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 00425472 Relevance: 7.6, APIs: 5, Instructions: 57COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00425477
EnterCriticalSection.KERNEL32(?), ref: 0042548B
LeaveCriticalSection.KERNEL32(?), ref: 004254A1
EnterCriticalSection.KERNEL32(?), ref: 004254D5
LeaveCriticalSection.KERNEL32(?), ref: 004254FE

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: CriticalSection$EnterLeave$H_prolog
String ID:
API String ID: 1633115879-0
Opcode ID: 0fe3a8d94ac154ace3413d1bb34da292f4e706d2249084d226980c37feef89e6
Instruction ID: ac3abf8c6277ae92739443647cd5a365db8cf16a597941e0b50f57c79c2548f0
Opcode Fuzzy Hash: 0fe3a8d94ac154ace3413d1bb34da292f4e706d2249084d226980c37feef89e6
Instruction Fuzzy Hash: 42113431A45689EFDB01EBA4D9447FEBF78EF11312F54010AE440A3281C7780B88C7AA

Uniqueness

Uniqueness Score: -1.00%

Function 006B2E06 Relevance: 7.5, APIs: 5, Instructions: 40COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 006B2E1E

Part of subcall function 006A071F: RtlFreeHeap.NTDLL(00000000,00000000,?,006B30B9,?,00000000,?,00000000,?,006B335D,?,00000007,?,?,006B3746,?), ref: 006A0735
Part of subcall function 006A071F: GetLastError.KERNEL32(?,?,006B30B9,?,00000000,?,00000000,?,006B335D,?,00000007,?,?,006B3746,?,?), ref: 006A0747

_free.LIBCMT ref: 006B2E30
_free.LIBCMT ref: 006B2E42
_free.LIBCMT ref: 006B2E54
_free.LIBCMT ref: 006B2E66

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 59dcfa55e4c1ebe0197b0e23b5d93812e247234f77e6c3c668d8c3ed99c6175e
Instruction ID: a9bd2fc81ccc56ffc52ee5ada315827af27516196d19c29db94d0d854f5d902a
Opcode Fuzzy Hash: 59dcfa55e4c1ebe0197b0e23b5d93812e247234f77e6c3c668d8c3ed99c6175e
Instruction Fuzzy Hash: 08F090B2500205AB9660FB69E8E6C8B73EBBA057107645C09F105D7A60CB34FCC18F7C

Uniqueness

Uniqueness Score: -1.00%

Function 00419760 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 222COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 00419764

Part of subcall function 0068E3DE: RaiseException.KERNEL32(?,00582150,P!X,?,?,0078FB6C,?,?,?,?,?,00582150,?,00783398,?), ref: 0068E43D

__EH_prolog.LIBCMT ref: 0041976F

Part of subcall function 0047DA23: __EH_prolog.LIBCMT ref: 0047DA28
Part of subcall function 0047DA23: GetModuleHandleA.KERNEL32(?,00000000,?,?,00000000,00000000), ref: 0047DAD7
Part of subcall function 0047DA23: GetProcAddress.KERNEL32(00000000), ref: 0047DADE

Part of subcall function 00413FDC: std::_Throw_Cpp_error.LIBCPMT ref: 00413FE7

Strings

@, xrefs: 004197F0
a, xrefs: 0041986A

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog$AddressCpp_errorExceptionException@8HandleModuleProcRaiseThrowThrow_std::_
String ID: @$a
API String ID: 3644655947-1149691066
Opcode ID: 3b5b8556bd1bdac272b59f0152efe826c713ddc6596facfff1cf8d5a23eda2a9
Instruction ID: d66daccddaeb2d3ad5201b83bf8248fc7281e3163b32ea7fe0d6d35e5a3db004
Opcode Fuzzy Hash: 3b5b8556bd1bdac272b59f0152efe826c713ddc6596facfff1cf8d5a23eda2a9
Instruction Fuzzy Hash: CC81E671D0424CAEDB00EFE9D881BDDBBB8AF59304F10412EF515A7291EB785E84CB65

Uniqueness

Uniqueness Score: -1.00%

Function 00431029 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 191COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 0043102D

Part of subcall function 0068E3DE: RaiseException.KERNEL32(?,00582150,P!X,?,?,0078FB6C,?,?,?,?,?,00582150,?,00783398,?), ref: 0068E43D

__EH_prolog.LIBCMT ref: 00431038

Part of subcall function 00460CFB: __EH_prolog.LIBCMT ref: 00460D00

Part of subcall function 004AB703: std::_Deallocate.LIBCONCRT ref: 004AB733

Part of subcall function 004B201B: __EH_prolog.LIBCMT ref: 004B2020
Part of subcall function 004B201B: _strlen.LIBCMT ref: 004B203A

Part of subcall function 004B20A2: __EH_prolog.LIBCMT ref: 004B20A7

Strings

dpY, xrefs: 004311DB
FpY, xrefs: 0043124F

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog$DeallocateExceptionException@8RaiseThrow_strlenstd::_
String ID: FpY$dpY
API String ID: 4023453450-3650155637
Opcode ID: 73a67dee49863af33d5f46c814c7f9ecdd7f116e1159cf3a49f6f21767ee7f63
Instruction ID: fb2447aa34764a571abd3f9cec200c76fe2e6f71027938b77562c14ccfdb4a2d
Opcode Fuzzy Hash: 73a67dee49863af33d5f46c814c7f9ecdd7f116e1159cf3a49f6f21767ee7f63
Instruction Fuzzy Hash: EF718FB1D04248EEDF00EFA9C846ADEBFB4AF56304F54409EE40577252DB781E45CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 00472DF3 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 169COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00472DF8

Part of subcall function 00411BC8: std::_Deallocate.LIBCONCRT ref: 00411BF8

Strings

p, xrefs: 00472E8B
0, xrefs: 00472E2D
;, xrefs: 00472E84

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: DeallocateH_prologstd::_
String ID: 0$;$p
API String ID: 3881773970-3246451993
Opcode ID: 25c25d5646e568f5cffa35d509f10dc034af25ee65ede6c3b2d68afe1ee59616
Instruction ID: ae006c7664ab914648c69fb3280df63de5fa729f7eb102c209364f70d6f62fbc
Opcode Fuzzy Hash: 25c25d5646e568f5cffa35d509f10dc034af25ee65ede6c3b2d68afe1ee59616
Instruction Fuzzy Hash: 4861F371D05288DADF00EFA9D9867DDBFB4AF65304F10809EE509A7282DB781B48CB95

Uniqueness

Uniqueness Score: -1.00%

Function 004B5592 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 148COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004B5597

Part of subcall function 004BE812: __EH_prolog.LIBCMT ref: 004BE817

Part of subcall function 00426744: __EH_prolog.LIBCMT ref: 00426749

Part of subcall function 004B85B1: __EH_prolog.LIBCMT ref: 004B85B6
Part of subcall function 004B85B1: __CxxThrowException@8.LIBVCRUNTIME ref: 004B8618

Strings

void __cdecl boost::property_tree::xml_parser::read_xml_internal<class boost::property_tree::basic_ptree<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::basic_string<char,struct std::char_traits<char>,class st, xrefs: 004B562E
e, xrefs: 004B5635
read error, xrefs: 004B55FF

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog$Exception@8Throw
String ID: e$read error$void __cdecl boost::property_tree::xml_parser::read_xml_internal<class boost::property_tree::basic_ptree<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::basic_string<char,struct std::char_traits<char>,class st
API String ID: 1007369359-1872691895
Opcode ID: 86956b5210a13187e7ecb1da0528a131ac756f7ce626937e266841199686272c
Instruction ID: 77c353d1613bf1d7c6e9ff332de183f1575bb3ff2b1075d8f7d0b28d3d3f0447
Opcode Fuzzy Hash: 86956b5210a13187e7ecb1da0528a131ac756f7ce626937e266841199686272c
Instruction Fuzzy Hash: 63613170E01258DECB21DFA9C980ADDFBB1BF18304F5081AEE449B7241DB795A84CB68

Uniqueness

Uniqueness Score: -1.00%

Function 00412B0E Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 136COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00412B13

Part of subcall function 0040F438: __EH_prolog.LIBCMT ref: 0040F43D

Part of subcall function 00413005: __EH_prolog.LIBCMT ref: 0041300A

Part of subcall function 0041046F: __EH_prolog.LIBCMT ref: 00410474

new.LIBCMT ref: 00412BF7

Part of subcall function 00412ECB: __EH_prolog.LIBCMT ref: 00412ED0

Strings

class boost::exception_ptr __cdecl boost::exception_detail::get_static_exception_object<struct boost::exception_detail::bad_alloc_>(void), xrefs: 00412BCD
5A, xrefs: 00412BA0

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog
String ID: class boost::exception_ptr __cdecl boost::exception_detail::get_static_exception_object<struct boost::exception_detail::bad_alloc_>(void)$5A
API String ID: 3519838083-1110745283
Opcode ID: 0a02acd04198e97da5b4294e347e402fe5ec5a190bc420b058f0fa2880f9b63a
Instruction ID: 74f255da9f5d830f86434fac7068c22bc75ddf711811b1d044a069a6a3fb180b
Opcode Fuzzy Hash: 0a02acd04198e97da5b4294e347e402fe5ec5a190bc420b058f0fa2880f9b63a
Instruction Fuzzy Hash: CE5165B1D05248DFDB00DF98D9846EEBFF5AF15308F14806EE504AB341E7B89A88CB95

Uniqueness

Uniqueness Score: -1.00%

Function 0042F34C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 122sleepCOMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 0042F350

Part of subcall function 0068E3DE: RaiseException.KERNEL32(?,00582150,P!X,?,?,0078FB6C,?,?,?,?,?,00582150,?,00783398,?), ref: 0068E43D

Sleep.KERNEL32(000003E8,?,?,?,?,?,00000000), ref: 0042F469

Strings

$, xrefs: 0042F45B
D, xrefs: 0042F421

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: ExceptionException@8RaiseSleepThrow
String ID: $$D
API String ID: 38309065-1079792385
Opcode ID: e855dab888d90e1ece30763859fb7e85c47ef4f65fe9000f779bdef2e355ae8e
Instruction ID: 398d64158e90a984a05c02784c47c8e746ee523f7a4b4d72c6d0a36603d5c62d
Opcode Fuzzy Hash: e855dab888d90e1ece30763859fb7e85c47ef4f65fe9000f779bdef2e355ae8e
Instruction Fuzzy Hash: EA411DB190120DAFEB109BA0DC89EEFBB7CFB89314F004465F609A2161D7756E48CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 005CEE50 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 88COMMON

Download Yara Rule

APIs

GetCurrentDirectoryW.KERNEL32(00000000,00000000,2D5DBC68), ref: 005CEE82
GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 005CEEBD
GetLastError.KERNEL32 ref: 005CEEC7

Part of subcall function 005D47B0: __CxxThrowException@8.LIBVCRUNTIME ref: 005D4855

Strings

boost::filesystem::current_path, xrefs: 005CEED1

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: CurrentDirectory$ErrorException@8LastThrow
String ID: boost::filesystem::current_path
API String ID: 786775625-4026011040
Opcode ID: 34ba431c0e3e1902e248736608bc93c538694c21e1325327c6e4db9101f2c64b
Instruction ID: 2b91fbb656eadc5c54d0b58912f9313d96644c4c26ca662b6e91dc839e2a9301
Opcode Fuzzy Hash: 34ba431c0e3e1902e248736608bc93c538694c21e1325327c6e4db9101f2c64b
Instruction Fuzzy Hash: 3221B471600245AFD7109F69DC06B5ABBEAFF45750F04462EF80ACB790E7B4E900C791

Uniqueness

Uniqueness Score: -1.00%

Function 00424DDE Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 83COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00424DE3

Part of subcall function 004249FD: __EH_prolog.LIBCMT ref: 00424A02
Part of subcall function 004249FD: htonl.WS2_32(7F000001), ref: 00424A9C
Part of subcall function 004249FD: htonl.WS2_32(00000000), ref: 00424AF3
Part of subcall function 004249FD: htonl.WS2_32(7F000001), ref: 00424AFF

new.LIBCMT ref: 00424E94
new.LIBCMT ref: 00424EAA

Part of subcall function 00689E2F: Concurrency::cancel_current_task.LIBCPMT ref: 00689E47

Part of subcall function 00414734: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,00000000,?,?,00414B24,00000000,00000000,?,?,00000000,00000000), ref: 00414749
Part of subcall function 00414734: GetLastError.KERNEL32(?,?,00414B24,00000000,00000000,?,?,00000000,00000000), ref: 0041475B
Part of subcall function 00414734: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,00414B24,00000000,00000000,?,?,00000000,00000000), ref: 0041479E
Part of subcall function 00414734: GetLastError.KERNEL32(?,?,00414B24,00000000,00000000,?,?,00000000,00000000), ref: 004147B0
Part of subcall function 00414734: GetLastError.KERNEL32(?,?,?,?,?,?,?,00414B24,00000000), ref: 00414816
Part of subcall function 00414734: CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,00414B24,00000000), ref: 0041482C
Part of subcall function 00414734: CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,00414B24,00000000), ref: 0041483A

Strings

yFA, xrefs: 00424DF7

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: ErrorLasthtonl$CloseCreateEventH_prologHandle$Concurrency::cancel_current_task
String ID: yFA
API String ID: 2183375162-60363592
Opcode ID: 2299be1529cdf88c418909576b262e71cfe97009283923b2b8674ba0aa90b7fe
Instruction ID: e2410ec6b11046f468dd03ba1824684763ecf8a3f1899d7cf40a9b1897127717
Opcode Fuzzy Hash: 2299be1529cdf88c418909576b262e71cfe97009283923b2b8674ba0aa90b7fe
Instruction Fuzzy Hash: 3231E2B0A01785FEE704DFA9C545B89FFB4BF50304F10826EE1589B282C7B85A54CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 004140F9 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004140FE
__ExceptionPtrCopy.LIBCPMT ref: 0041412F

Part of subcall function 00582D26: _Reset.LIBCPMT ref: 00582D3A

__ExceptionPtrCopy.LIBCPMT ref: 00414167

Part of subcall function 00582DB3: shared_ptr.LIBCPMT ref: 00582DBB

Part of subcall function 00582D16: shared_ptr.LIBCPMT ref: 00582D1F

Strings

)@A, xrefs: 0041415C

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: CopyExceptionshared_ptr$H_prologReset
String ID: )@A
API String ID: 3356224348-964663934
Opcode ID: 25f800c6cad72c364c18cfbcf649618c335befb1227d7aeb18aff7734a65c357
Instruction ID: f99f7249fa56ae8e0a70bdf426ee4549c90b71bd115ae9360ca48c8d4fa7b845
Opcode Fuzzy Hash: 25f800c6cad72c364c18cfbcf649618c335befb1227d7aeb18aff7734a65c357
Instruction Fuzzy Hash: 572150B2C01209AFDB10EFA8C94A9DEBFF8FF45310F10865AE415A3291E7759B058B54

Uniqueness

Uniqueness Score: -1.00%

Function 005CED90 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 70COMMON

Download Yara Rule

APIs

CreateDirectoryExW.KERNEL32(?,?,00000000,?,00435880,005CED1C,?,00000000,00435880,?), ref: 005CEDD3
CreateDirectoryW.KERNEL32(?,00000000,?,00435880,005CED1C,?,00000000,00435880,?), ref: 005CEDEA
GetLastError.KERNEL32(00000000), ref: 005CEDFD

Strings

boost::filesystem::create_directory, xrefs: 005CEE35

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: CreateDirectory$ErrorLast
String ID: boost::filesystem::create_directory
API String ID: 2485089472-2941204237
Opcode ID: 87f316f5aeb29a15cda193debe7de4ad6898654a8b1890c078107965bcce6c81
Instruction ID: 96c0899df0d94e7376a23c1fd91879f38e820a2f8e8e5f01917be07ba15b2510
Opcode Fuzzy Hash: 87f316f5aeb29a15cda193debe7de4ad6898654a8b1890c078107965bcce6c81
Instruction Fuzzy Hash: 65116A716043409FD720DFA9988AF47BFE9BB81759F04082DF4469B252E774D948CBB2

Uniqueness

Uniqueness Score: -1.00%

Function 004B2185 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004B218A
__To_wide.LIBCPMT ref: 004B21D6
_wcslen.LIBCMT ref: 004B2200

Strings

invalid char filename argument, xrefs: 004B21E1

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prologTo_wide_wcslen
String ID: invalid char filename argument
API String ID: 3743069396-1242024027
Opcode ID: ce248c9b76cab28e3bfe0f4cf382fe857c104996694ccf4999fe2e4bab742bed
Instruction ID: fa1ab27e1ba1122e289714b8d9f02065ffaf2acf568b413928bd7f12dd88e1a8
Opcode Fuzzy Hash: ce248c9b76cab28e3bfe0f4cf382fe857c104996694ccf4999fe2e4bab742bed
Instruction Fuzzy Hash: AD219F719042099EDB14EF98DA85AEEBBB8FF18310F1005AFE104E7281DBB45F40CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 00413208 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62COMMON

Download Yara Rule

APIs

Part of subcall function 00412ECB: __EH_prolog.LIBCMT ref: 00412ED0

__CxxThrowException@8.LIBVCRUNTIME ref: 00413225

Part of subcall function 0068E3DE: RaiseException.KERNEL32(?,00582150,P!X,?,?,0078FB6C,?,?,?,?,?,00582150,?,00783398,?), ref: 0068E43D

__EH_prolog.LIBCMT ref: 00413230
new.LIBCMT ref: 00413241

Part of subcall function 00413005: __EH_prolog.LIBCMT ref: 0041300A

Part of subcall function 0041046F: __EH_prolog.LIBCMT ref: 00410474

Strings

5A, xrefs: 00413290

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog$ExceptionException@8RaiseThrow
String ID: 5A
API String ID: 1193697898-1205544748
Opcode ID: 384d465795c22ab1ba6152e2b118ee0d2ee54f20568b894faee348875323fcc2
Instruction ID: 2959379232cb9b729b7ea92543b75de708907a1a88a4badf2d514b17641bbd42
Opcode Fuzzy Hash: 384d465795c22ab1ba6152e2b118ee0d2ee54f20568b894faee348875323fcc2
Instruction Fuzzy Hash: D521F3B1A00209EBC704DFA8C849B9DBBF9FF48328F10425DE0149B682E7B5E944CB94

Uniqueness

Uniqueness Score: -1.00%

Function 00576A2C Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 28COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00576A31

Part of subcall function 00579730: __EH_prolog.LIBCMT ref: 00579735

_strlen.LIBCMT ref: 00576A53

Strings

}jW, xrefs: 00576A4D
Windows bitmap (*.bmp;*.dib), xrefs: 00576A47, 00576A4C, 00576A5A

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog$_strlen
String ID: Windows bitmap (*.bmp;*.dib)$}jW
API String ID: 1490583215-1740260866
Opcode ID: 71b5646ddde94cff020f9d6448a3056f2f6b78017e63f0dba83c0cbd5f5bf5e5
Instruction ID: 030bba940c4e6c41b1e2b76196a51ab20cdfe42042398e5736aee373c93e6e37
Opcode Fuzzy Hash: 71b5646ddde94cff020f9d6448a3056f2f6b78017e63f0dba83c0cbd5f5bf5e5
Instruction Fuzzy Hash: 77F0A0B1910644AFDB24AF5CD9067AEFBF8EF91721F10466FF41593692C7B81D0086A4

Uniqueness

Uniqueness Score: -1.00%

Function 0041645F Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 21COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00416464
std::exception::exception.LIBCONCRT ref: 00416481

Part of subcall function 0040F2EC: ___std_exception_copy.LIBVCRUNTIME ref: 0040F313

Part of subcall function 0041CC56: __EH_prolog.LIBCMT ref: 0041CC5B
Part of subcall function 0041CC56: __CxxThrowException@8.LIBVCRUNTIME ref: 0041CCA9

Strings

could not convert calendar time to UTC time, xrefs: 00416479
\$n, xrefs: 00416498

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog$Exception@8Throw___std_exception_copystd::exception::exception
String ID: \$n$could not convert calendar time to UTC time
API String ID: 4220666059-2154543917
Opcode ID: d7fddeb6a064ba2be686af1137db9a1ef2c884885b7df00f073050f86353281e
Instruction ID: 8a9a92933aec560c30ce54c15b6476c3cd712f5fe7399fc520bae466908f9048
Opcode Fuzzy Hash: d7fddeb6a064ba2be686af1137db9a1ef2c884885b7df00f073050f86353281e
Instruction Fuzzy Hash: 11E0927094410AABDF00FF90D4127EDBF75EB10308F00406DE80966682DB354A89C7C9

Uniqueness

Uniqueness Score: -1.00%

Function 00694DA2 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 21COMMONLIBRARYCODE

Download Yara Rule

APIs

CloseHandle.KERNEL32(00000000,00000000,?,00694E72,00000000), ref: 00694DB8
FreeLibrary.KERNEL32(00000000,00000000,?,00694E72,00000000), ref: 00694DC7
_free.LIBCMT ref: 00694DCE

Strings

rNi, xrefs: 00694DA8, 00694DCD

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: CloseFreeHandleLibrary_free
String ID: rNi
API String ID: 621396759-4070628955
Opcode ID: 4be1767a745363d1034496d1ebfe29672bafa37095298dd1f2ee2e283b9b87a8
Instruction ID: cc26c4fcb4a770e691d764eabadab309c4522081c77c2f79e02484117e592f6e
Opcode Fuzzy Hash: 4be1767a745363d1034496d1ebfe29672bafa37095298dd1f2ee2e283b9b87a8
Instruction Fuzzy Hash: 3EE04632400724ABDB212B45E848F96BBAAEF40321F14802AE55916960CB75AC99CF94

Uniqueness

Uniqueness Score: -1.00%

Function 0040F250 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 7libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll), ref: 0040F255
GetProcAddress.KERNEL32(00000000,CreateSymbolicLinkW), ref: 0040F261

Strings

CreateSymbolicLinkW, xrefs: 0040F25B
kernel32.dll, xrefs: 0040F250

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: AddressHandleModuleProc
String ID: CreateSymbolicLinkW$kernel32.dll
API String ID: 1646373207-1962376091
Opcode ID: bd1c4cbd6ce50e022914dd3e2c166698ba0eed112ea3e3cb77a4a08f240cc9c4
Instruction ID: 590e85ebbecf18d2bf37684d831ec6b356c8ba3942a5e88775856824f88f2486
Opcode Fuzzy Hash: bd1c4cbd6ce50e022914dd3e2c166698ba0eed112ea3e3cb77a4a08f240cc9c4
Instruction Fuzzy Hash: 19B092B05823D0ABDB005BE1ACCD91C3B2ABA14702701A451F842CE664DFB442828E14

Uniqueness

Uniqueness Score: -1.00%

Function 0040F230 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 7libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll), ref: 0040F235
GetProcAddress.KERNEL32(00000000,CreateHardLinkW), ref: 0040F241

Strings

CreateHardLinkW, xrefs: 0040F23B
kernel32.dll, xrefs: 0040F230

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: AddressHandleModuleProc
String ID: CreateHardLinkW$kernel32.dll
API String ID: 1646373207-294928789
Opcode ID: e8356c8db0eb464db37513e9733c3783437a20d9dd90c0bb0afac3dc72d696ec
Instruction ID: 14882fced2e313a79112ea7472962911ea01498a907f2e19416e74a3366ec373
Opcode Fuzzy Hash: e8356c8db0eb464db37513e9733c3783437a20d9dd90c0bb0afac3dc72d696ec
Instruction Fuzzy Hash: 5EB092B15813C49BDB005BF2AC4D91C3AAAFA0A782B019021F141AE660DBB852828F14

Uniqueness

Uniqueness Score: -1.00%

Function 00477584 Relevance: 6.2, APIs: 4, Instructions: 236COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00477589

Part of subcall function 00477972: __EH_prolog.LIBCMT ref: 00477977

Part of subcall function 00461060: __EH_prolog.LIBCMT ref: 00461065

Part of subcall function 00461060: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,00000000,00000000,?,?,00000000), ref: 004610E6
Part of subcall function 00461060: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,?,?,00000000,00000000,?,?,00000000,00000000,?,?,00000000), ref: 0046111C

Part of subcall function 00476ADD: __EH_prolog.LIBCMT ref: 00476AE2

Part of subcall function 004B1FC7: __EH_prolog.LIBCMT ref: 004B1FCC

Part of subcall function 004B0769: __EH_prolog.LIBCMT ref: 004B076E

Part of subcall function 0044E82C: __EH_prolog.LIBCMT ref: 0044E831

Part of subcall function 0044DE59: __EH_prolog.LIBCMT ref: 0044DE5E
Part of subcall function 0044DE59: new.LIBCMT ref: 0044DE84
Part of subcall function 0044DE59: GetModuleHandleA.KERNEL32(?,?,?,?,00000000), ref: 0044DEEB
Part of subcall function 0044DE59: GetProcAddress.KERNEL32(?,?), ref: 0044DF6C

GetCurrentProcess.KERNEL32(00000000,?,00000104,00000001,00000000,00000000), ref: 00477877
QueryFullProcessImageNameW.KERNEL32(00000000), ref: 0047787E
GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000001,00000000,00000000), ref: 00477893

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog$ByteCharModuleMultiNameProcessWide$AddressCurrentFileFullHandleImageProcQuery
String ID:
API String ID: 1400389073-0
Opcode ID: daa91a3d4ac90b48ad98c1bc427d7e0625199bf09e79e4707d205b216cb46ec6
Instruction ID: 77dbdb629de6e5b2ffc1487bde3b959b04d2b71e04adcbb9b4aafba9b4c546bf
Opcode Fuzzy Hash: daa91a3d4ac90b48ad98c1bc427d7e0625199bf09e79e4707d205b216cb46ec6
Instruction Fuzzy Hash: FF919170D05248DEEB10EBA9C885BEEBBB4EF55318F24409EE005672D2DBB81F44CB95

Uniqueness

Uniqueness Score: -1.00%

Function 00428C15 Relevance: 6.2, APIs: 4, Instructions: 215COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 00428C19

Part of subcall function 0068E3DE: RaiseException.KERNEL32(?,00582150,P!X,?,?,0078FB6C,?,?,?,?,?,00582150,?,00783398,?), ref: 0068E43D

__EH_prolog.LIBCMT ref: 00428C24

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: ExceptionException@8H_prologRaiseThrow
String ID:
API String ID: 1681477883-0
Opcode ID: 12c126017bac493b87436cdb4e7aaa7d22f66e67c0da983c2690849cdd9225cc
Instruction ID: 09943afd76b2b5a18f3034c807080fe7ad61a4c7bfeed76e4b810f933ad66ed5
Opcode Fuzzy Hash: 12c126017bac493b87436cdb4e7aaa7d22f66e67c0da983c2690849cdd9225cc
Instruction Fuzzy Hash: D681E470904208AFDB18EFA5D881BEEBBB8EF45318F10851EF151A72D2DB7C5A45CB64

Uniqueness

Uniqueness Score: -1.00%

Function 005836B1 Relevance: 6.1, APIs: 4, Instructions: 136COMMONLIBRARYCODE

Download Yara Rule

APIs

__Getcvt.LIBCPMT ref: 00583709
MultiByteToWideChar.KERNEL32(?,00000009,?,00000002,?,00000000,?,?,00000000), ref: 00583757
MultiByteToWideChar.KERNEL32(?,00000009,?,00000001,?,00000000,?,?,00000000), ref: 005837C9
MultiByteToWideChar.KERNEL32(?,00000009,?,00000001,?,00000000,?,?,00000000), ref: 005837F1

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: ByteCharMultiWide$Getcvt
String ID:
API String ID: 3195005509-0
Opcode ID: a3b2177d8fdd4ecda830a65a8d8357f5f0bfd8249116f44052f9ee3a900161d2
Instruction ID: 028dbf08a08d6e8980168f097ad405ac58da46d692f257a6541ef53f62bb6532
Opcode Fuzzy Hash: a3b2177d8fdd4ecda830a65a8d8357f5f0bfd8249116f44052f9ee3a900161d2
Instruction Fuzzy Hash: 2B41DFB1600385AFEB21AF69C841B6ABFE9FF41B10F144429EC51EB290E771DE44CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00424FD8 Relevance: 6.1, APIs: 4, Instructions: 116COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00424FDD
EnterCriticalSection.KERNEL32(?), ref: 00424FF1
LeaveCriticalSection.KERNEL32(?), ref: 0042501F
CloseHandle.KERNEL32(00000004), ref: 00425044

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: CriticalSection$CloseEnterH_prologHandleLeave
String ID:
API String ID: 2171098948-0
Opcode ID: 0ff9093e8cd333616d5b5af9b1e4738176e8b7a1af486dcb1692b5c5d15b3d57
Instruction ID: 85d8d80b7c220fc05af3a2f7d44c9744e694d5b0b3e2059fba10bea74bec90c5
Opcode Fuzzy Hash: 0ff9093e8cd333616d5b5af9b1e4738176e8b7a1af486dcb1692b5c5d15b3d57
Instruction Fuzzy Hash: 54417971A01A259FCB28DFA8D880BAEFBB0BF04710F40415ED915AB341CB74AE40CBE5

Uniqueness

Uniqueness Score: -1.00%

Function 006B042E Relevance: 6.1, APIs: 4, Instructions: 110COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000000,?,00000107,00000000,00000000,?,?,?,?,00000001,00000107,?,00000001,?,00000000), ref: 006B047B
MultiByteToWideChar.KERNEL32(?,00000001,?,00000107,00000000,?,?,?,?,00000001,00000107,?,00000001,?,00000000,?), ref: 006B0504
GetStringTypeW.KERNEL32(00000001,00000000,00000000,00000001,?,?,?,00000001,00000107,?,00000001,?,00000000,?,00000107,?), ref: 006B0516
__freea.LIBCMT ref: 006B051F

Part of subcall function 006A108E: RtlAllocateHeap.NTDLL(00000000,00000003,00000003,?,006AAD9E,00001000,00000000,?,?,?,006A082B,00000000,00000000,00000000,?,?), ref: 006A10C0

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: ByteCharMultiWide$AllocateHeapStringType__freea
String ID:
API String ID: 2652629310-0
Opcode ID: 97f42e6e783000c67b4c068e863534cc4fc4ab11a9e61b10c8c2f8b25a44b242
Instruction ID: cc9d3210c437c6616901ac33e6ac38521ebe38c45e241f758d63c01827b6ee30
Opcode Fuzzy Hash: 97f42e6e783000c67b4c068e863534cc4fc4ab11a9e61b10c8c2f8b25a44b242
Instruction Fuzzy Hash: DB31AEB2A0021AABEF259F64CC45DEF7BA6EB40310F144169FC05DA290EB35CD90CB90

Uniqueness

Uniqueness Score: -1.00%

Function 005717F8 Relevance: 6.1, APIs: 4, Instructions: 91COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 005717FD
new.LIBCMT ref: 0057182A
InitializeCriticalSection.KERNEL32(0000001C,00000000,007A4460,?,?,00571F4A,?,?,?,0040F09B), ref: 0057184D
CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,?,00571F4A,?,?,?,0040F09B), ref: 00571864

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: CreateCriticalEventH_prologInitializeSection
String ID:
API String ID: 3158263371-0
Opcode ID: 94b41bb9ff59bbe4f5ad02acec730859a2dbfae20486d502a5a7aa5c2f1e2c00
Instruction ID: 876213ab9cbc130f362b3ed82c620c3093d4f37ea1a0ae280deac4a34f932a9a
Opcode Fuzzy Hash: 94b41bb9ff59bbe4f5ad02acec730859a2dbfae20486d502a5a7aa5c2f1e2c00
Instruction Fuzzy Hash: BC3132B08053009FDBA4DF68D8847967BE4FF09310F1046AEEC19CF28AE3B18944CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 00414E09 Relevance: 6.1, APIs: 4, Instructions: 84COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00414E0E
TlsGetValue.KERNEL32 ref: 00414E88
TlsSetValue.KERNEL32(?), ref: 00414EA1
TlsSetValue.KERNEL32(?,?,?,?,?,?,?), ref: 00414ED4

Part of subcall function 00414F2A: PostQueuedCompletionStatus.KERNEL32(?,00000000,00000000,00000000), ref: 00414F51
Part of subcall function 00414F2A: GetLastError.KERNEL32 ref: 00414F5B

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: Value$CompletionErrorH_prologLastPostQueuedStatus
String ID:
API String ID: 158160221-0
Opcode ID: 586e919ffb6655bfbbf2e445b8256441f2e0ea899b9af754ab72a0c52bca22dc
Instruction ID: d71777ad571c8ca19c34f38a4bac23b68ce0d84137122360d3092e72d4341679
Opcode Fuzzy Hash: 586e919ffb6655bfbbf2e445b8256441f2e0ea899b9af754ab72a0c52bca22dc
Instruction Fuzzy Hash: DC31C071D00608EFDB05DFA9D8819EEBBB5FF88300F10813EE415A7260DB395A098B94

Uniqueness

Uniqueness Score: -1.00%

Function 00416C3E Relevance: 6.1, APIs: 4, Instructions: 67networkCOMMON

Download Yara Rule

APIs

htons.WS2_32(?), ref: 00416C76

Part of subcall function 00416B9A: __EH_prolog.LIBCMT ref: 00416B9F

htonl.WS2_32(00000000), ref: 00416C8D
htonl.WS2_32(00000000), ref: 00416C94
htons.WS2_32(?), ref: 00416CA8

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: htonlhtons$H_prolog
String ID:
API String ID: 984249084-0
Opcode ID: 69d3e31cd2f03239069176d02f0421dedb84e356e9a7d0d2334ac185ddb40043
Instruction ID: e7ff9ceaa40ac1d9ce4b5bbe90b71808129459a827f70b7e23d2d4d09dd11159
Opcode Fuzzy Hash: 69d3e31cd2f03239069176d02f0421dedb84e356e9a7d0d2334ac185ddb40043
Instruction Fuzzy Hash: 81216376914204ABCB209FA4DC06F9AB7F9FF48710F00852BF956D7690E738E8548B95

Uniqueness

Uniqueness Score: -1.00%

Function 00410817 Relevance: 6.1, APIs: 4, Instructions: 59COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0041081C
PostQueuedCompletionStatus.KERNEL32(?,00000000,00000000), ref: 00410856
EnterCriticalSection.KERNEL32 ref: 00410867
LeaveCriticalSection.KERNEL32(?,?), ref: 00410897

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: CriticalSection$CompletionEnterH_prologLeavePostQueuedStatus
String ID:
API String ID: 3890610498-0
Opcode ID: 9f8ffbdbcf60fbe60262c8921c14737b7b0069439acc42f7ec21859bc28d27a0
Instruction ID: 595c1b188952251bd2dacb951881a4d652b48873ec76a9dc35cae2145f26181e
Opcode Fuzzy Hash: 9f8ffbdbcf60fbe60262c8921c14737b7b0069439acc42f7ec21859bc28d27a0
Instruction Fuzzy Hash: FC11EF71905215DBDB15EF64C885BAFBBB8FF45729F10006EE801AB341C7B89981CBE5

Uniqueness

Uniqueness Score: -1.00%

Function 004AB56B Relevance: 6.1, APIs: 4, Instructions: 58COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004AB570
std::locale::_Locimp::_New_Locimp.LIBCPMT ref: 004AB58D

Part of subcall function 005843D7: __EH_prolog3.LIBCMT ref: 005843DE
Part of subcall function 005843D7: new.LIBCMT ref: 005843E5
Part of subcall function 005843D7: std::locale::_Locimp::_Locimp.LIBCPMT ref: 005843FC

Part of subcall function 004211A8: __EH_prolog.LIBCMT ref: 004211AD
Part of subcall function 004211A8: std::_Lockit::_Lockit.LIBCPMT ref: 004211C1
Part of subcall function 004211A8: std::_Lockit::~_Lockit.LIBCPMT ref: 004211E1

std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 004AB5A9

Part of subcall function 00583CC5: __EH_prolog3.LIBCMT ref: 00583CCC
Part of subcall function 00583CC5: std::_Lockit::_Lockit.LIBCPMT ref: 00583CD6
Part of subcall function 00583CC5: Concurrency::cancel_current_task.LIBCPMT ref: 00583D09
Part of subcall function 00583CC5: std::_Lockit::~_Lockit.LIBCPMT ref: 00583D7C

_Yarn.LIBCPMT ref: 004AB5BD

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: Lockitstd::_$Locimp::_std::locale::_$H_prologH_prolog3LocimpLockit::_Lockit::~_$AddfacConcurrency::cancel_current_taskLocimp_New_Yarn
String ID:
API String ID: 3501155517-0
Opcode ID: 062c1b1ec6b5b8f7a93138f2578596e16de038775c30bf3b263c81f7f22aedb0
Instruction ID: bfeef356df4ba868fc20926f83e03bfe523200e894b43230a5974da24efb3e8f
Opcode Fuzzy Hash: 062c1b1ec6b5b8f7a93138f2578596e16de038775c30bf3b263c81f7f22aedb0
Instruction Fuzzy Hash: E011DD71A00615AFD714EF55C44AB7AFBA4FF21326F00822EE50697692CB79AD10CBE0

Uniqueness

Uniqueness Score: -1.00%

Function 004B0DE2 Relevance: 6.1, APIs: 4, Instructions: 53memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 004B399D: __EH_prolog.LIBCMT ref: 004B39A2

__CxxThrowException@8.LIBVCRUNTIME ref: 004B0DFC

Part of subcall function 0068E3DE: RaiseException.KERNEL32(?,00582150,P!X,?,?,0078FB6C,?,?,?,?,?,00582150,?,00783398,?), ref: 0068E43D

__EH_prolog.LIBCMT ref: 004B0E07
GetProcessHeap.KERNEL32(00000000,00000040), ref: 004B0E1B
HeapAlloc.KERNEL32(00000000), ref: 004B0E22

Part of subcall function 0040F438: __EH_prolog.LIBCMT ref: 0040F43D

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog$Heap$AllocExceptionException@8ProcessRaiseThrow
String ID:
API String ID: 1668733864-0
Opcode ID: d23a0b3dc1c94f81aa508c56cd2c60338607f869b22be358fc248e92d61e491c
Instruction ID: 350d84d1d5f25fe52a91066693df434387abb4621305467a0a35fe1cc05a434f
Opcode Fuzzy Hash: d23a0b3dc1c94f81aa508c56cd2c60338607f869b22be358fc248e92d61e491c
Instruction Fuzzy Hash: 771191B1D05258DBDB10EFA9C54ABAEBFB8EF08700F10046EE544A7242D7B95E04CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 006AB2BD Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00000000,00000000,?,006AB264,?,00000000,00000000,00000000,?,006AB590,00000006,FlsSetValue), ref: 006AB2EF
GetLastError.KERNEL32(?,006AB264,?,00000000,00000000,00000000,?,006AB590,00000006,FlsSetValue,0071F508,0071F510,00000000,00000364,?,006A9FB1), ref: 006AB2FB
LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,006AB264,?,00000000,00000000,00000000,?,006AB590,00000006,FlsSetValue,0071F508,0071F510,00000000), ref: 006AB309

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: LibraryLoad$ErrorLast
String ID:
API String ID: 3177248105-0
Opcode ID: 4376a6cb57514a3e2f998794821d34c283dc87282710ac62b7bad34459de6416
Instruction ID: 4bdbfffff69f1da8354d80988fd09d6fcd354b261645325d4f3cf7198916ad7f
Opcode Fuzzy Hash: 4376a6cb57514a3e2f998794821d34c283dc87282710ac62b7bad34459de6416
Instruction Fuzzy Hash: F401FC32605223ABDF215B68AC44AA777DAEF06760B115124F905D7242D760DD018EE0

Uniqueness

Uniqueness Score: -1.00%

Function 0042400C Relevance: 6.0, APIs: 4, Instructions: 48COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00424011
PostQueuedCompletionStatus.KERNEL32(?,00000000,00000002,?), ref: 00424045
EnterCriticalSection.KERNEL32 ref: 00424056
LeaveCriticalSection.KERNEL32(?,?), ref: 00424079

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: CriticalSection$CompletionEnterH_prologLeavePostQueuedStatus
String ID:
API String ID: 3890610498-0
Opcode ID: 69df4b39d4aff6cd6478f95013156769a9bb6003584e35ece7b260fea5d2cb0d
Instruction ID: bf8b0a2ab09907e7b3f54f1672bf021df903123a154a6b7f892ca0429662d47f
Opcode Fuzzy Hash: 69df4b39d4aff6cd6478f95013156769a9bb6003584e35ece7b260fea5d2cb0d
Instruction Fuzzy Hash: 13118B71A0021AAFC710DF69D885B9EFBB8FF55721F00412AE515E7650D7B0AA54CFE0

Uniqueness

Uniqueness Score: -1.00%

Function 00424092 Relevance: 6.0, APIs: 4, Instructions: 48COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00424097
PostQueuedCompletionStatus.KERNEL32(?,00000000,00000002,?), ref: 004240C9
EnterCriticalSection.KERNEL32 ref: 004240DA
LeaveCriticalSection.KERNEL32(?,?), ref: 004240FD

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: CriticalSection$CompletionEnterH_prologLeavePostQueuedStatus
String ID:
API String ID: 3890610498-0
Opcode ID: ad209a522ce5a102365635a8d2a9c0ab8a9610261a2056c889f7d081ebeb0a76
Instruction ID: 5ef1c91e3d7a23d27ffad0caffddf353d30ea94ee27d0fbe51ee90fa746b6dfd
Opcode Fuzzy Hash: ad209a522ce5a102365635a8d2a9c0ab8a9610261a2056c889f7d081ebeb0a76
Instruction Fuzzy Hash: 4D118E7190061AEFD710CF65D884BAEFBB8FF55725F10422AE91497250D3B0AA55CFE0

Uniqueness

Uniqueness Score: -1.00%

Function 00452EC0 Relevance: 6.0, APIs: 4, Instructions: 48networkCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00452EC5
WSAStartup.WS2_32(00000101,?), ref: 00452EFC
gethostbyname.WS2_32(?), ref: 00452F1B
inet_ntoa.WS2_32(?), ref: 00452F28

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prologStartupgethostbynameinet_ntoa
String ID:
API String ID: 3789426293-0
Opcode ID: f9bbe8c004ec359deb926b868d3b580d4f11b5644436f6f8a6ffa73d4713af27
Instruction ID: d8f70ffa042a331975101c60f6318a458026d59f382951e2fe8e46417805bd2a
Opcode Fuzzy Hash: f9bbe8c004ec359deb926b868d3b580d4f11b5644436f6f8a6ffa73d4713af27
Instruction Fuzzy Hash: DF115E71E012089FCB10DFA9D889AEDBBF9FF49310F0080ABE505D3250D7744A058B95

Uniqueness

Uniqueness Score: -1.00%

Function 00414FC5 Relevance: 6.0, APIs: 4, Instructions: 41COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00414FCA
PostQueuedCompletionStatus.KERNEL32(?,00000000,00000000,?), ref: 00414FE6
EnterCriticalSection.KERNEL32(?), ref: 00414FF8
LeaveCriticalSection.KERNEL32(?,?), ref: 0041501A

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: CriticalSection$CompletionEnterH_prologLeavePostQueuedStatus
String ID:
API String ID: 3890610498-0
Opcode ID: 795c4aaf7302f1d8da56c00ef435025cb7637fe8cdecffaf110e4b1caab2fa0b
Instruction ID: e4ccac70859e7255c06649105df93775297bbe88067fbb39c88871d14b751ec6
Opcode Fuzzy Hash: 795c4aaf7302f1d8da56c00ef435025cb7637fe8cdecffaf110e4b1caab2fa0b
Instruction Fuzzy Hash: B8018B72500609EFDB04DFA4DD84BEABBB9FF48325F00012AF60596590C7B09E55CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 00417590 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 369COMMON

Download Yara Rule

APIs

Part of subcall function 0044DB7B: __EH_prolog.LIBCMT ref: 0044DB80
Part of subcall function 0044DB7B: GetTickCount64.KERNEL32 ref: 0044DBA6

__aulldiv.LIBCMT ref: 00417605

Part of subcall function 0041CE76: __EH_prolog.LIBCMT ref: 0041CE7B

Part of subcall function 00411BC8: std::_Deallocate.LIBCONCRT ref: 00411BF8

Part of subcall function 0041CECB: __Thrd_sleep.LIBCPMT ref: 0041CF5E

Strings

z, xrefs: 004178FE
E, xrefs: 00417905

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog$Count64DeallocateThrd_sleepTick__aulldivstd::_
String ID: E$z
API String ID: 2474810027-3358126013
Opcode ID: 588cd007f047332b7308b3dae4ef1a833568404c7f8d1eb4b78510cc390f5c74
Instruction ID: 2eaba0ccaa686da508d11499954a1da9c3e741317afdc22d313da4b1b5c9f64b
Opcode Fuzzy Hash: 588cd007f047332b7308b3dae4ef1a833568404c7f8d1eb4b78510cc390f5c74
Instruction Fuzzy Hash: 30E1067080528CDADB11EB64DD45BEEBBB89F52308F2080EEE04577192EB781F84DB65

Uniqueness

Uniqueness Score: -1.00%

Function 004337BF Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 301COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 004337C3

Part of subcall function 0068E3DE: RaiseException.KERNEL32(?,00582150,P!X,?,?,0078FB6C,?,?,?,?,?,00582150,?,00783398,?), ref: 0068E43D

__EH_prolog.LIBCMT ref: 004337CE

Part of subcall function 0044DB7B: __EH_prolog.LIBCMT ref: 0044DB80
Part of subcall function 0044DB7B: GetTickCount64.KERNEL32 ref: 0044DBA6

Part of subcall function 004530A5: __EH_prolog.LIBCMT ref: 004530AA

Part of subcall function 004607D1: __EH_prolog.LIBCMT ref: 004607D6
Part of subcall function 004607D1: GetComputerNameW.KERNEL32 ref: 0046080D

Part of subcall function 00471490: __EH_prolog.LIBCMT ref: 00471495
Part of subcall function 00471490: GetUserNameW.ADVAPI32(00000000,?), ref: 004714E1

Part of subcall function 00411BC8: std::_Deallocate.LIBCONCRT ref: 00411BF8

Part of subcall function 0041CECB: __Thrd_sleep.LIBCPMT ref: 0041CF5E

Strings

Z, xrefs: 00433A20

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog$Name$ComputerCount64DeallocateExceptionException@8RaiseThrd_sleepThrowTickUserstd::_
String ID: Z
API String ID: 67087267-1505515367
Opcode ID: 6936b5b5cff2bf5511142529167f0f0c6787c392f27623eb3d1bd6948fc9669b
Instruction ID: e75bd0fc9609dba1d425c70c7c75589d46f10d8bf46f197f3992a8929ad6dd56
Opcode Fuzzy Hash: 6936b5b5cff2bf5511142529167f0f0c6787c392f27623eb3d1bd6948fc9669b
Instruction Fuzzy Hash: E1C1D670C05298EEDB11EB64DD85BDDBBB89F56308F1040EEE04577192DA781F84CB65

Uniqueness

Uniqueness Score: -1.00%

Function 005CEA70 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 236COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 005CEB37
__CxxThrowException@8.LIBVCRUNTIME ref: 005CECED

Part of subcall function 005CED90: CreateDirectoryExW.KERNEL32(?,?,00000000,?,00435880,005CED1C,?,00000000,00435880,?), ref: 005CEDD3

Strings

boost::filesystem::create_directories, xrefs: 005CEAB6, 005CECA3

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: Exception@8Throw$CreateDirectory
String ID: boost::filesystem::create_directories
API String ID: 2901307233-2171239142
Opcode ID: 82fe8898462eabbab5a3bd5137425dea576a5c3d04c8123f9ad834508d30b31a
Instruction ID: 6f7992f25592b5bb747cf72b30758f9e2d9695e2689a35dec5efe62210ded7d9
Opcode Fuzzy Hash: 82fe8898462eabbab5a3bd5137425dea576a5c3d04c8123f9ad834508d30b31a
Instruction Fuzzy Hash: B6919E70D002199ECF20DBE4C886FEEBBB8BF55314F14456EE406A7241EB75AE49CB50

Uniqueness

Uniqueness Score: -1.00%

Function 0043663F Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 218COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00436644

Part of subcall function 00460981: __EH_prolog.LIBCMT ref: 00460986

Part of subcall function 00411BC8: std::_Deallocate.LIBCONCRT ref: 00411BF8

Part of subcall function 004734EE: __EH_prolog.LIBCMT ref: 004734F3

Part of subcall function 004AB703: std::_Deallocate.LIBCONCRT ref: 004AB733

Strings

1.38, xrefs: 0043672A
T, xrefs: 004366E6

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog$Deallocatestd::_
String ID: 1.38$T
API String ID: 89631465-1427993570
Opcode ID: e750e5d3ca9c7100f2eae44ee9897e8e6b4560916c3e700f10bf579972159d78
Instruction ID: 6e48d48c6e03148c8822514970cb7de93f123c4316aff54180176b026ae7daa5
Opcode Fuzzy Hash: e750e5d3ca9c7100f2eae44ee9897e8e6b4560916c3e700f10bf579972159d78
Instruction Fuzzy Hash: DB810971C0528CE9DB11DBA8DD81BDDBBB89F66308F20419EE04577192DB741F48CB65

Uniqueness

Uniqueness Score: -1.00%

Function 0044F6C7 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 188COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0044F6CC

Part of subcall function 004AB703: std::_Deallocate.LIBCONCRT ref: 004AB733

Strings

G, xrefs: 0044F6F6
p, xrefs: 0044F74A

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: DeallocateH_prologstd::_
String ID: G$p
API String ID: 3881773970-729404109
Opcode ID: 94d77107c1bbdcd6190ee5f349cefed6046417644a9bd7f3502c232771c29889
Instruction ID: 40a51d229db9341d0e7df531c53e4d1e5e657513680bd561c8e3345f316e5f19
Opcode Fuzzy Hash: 94d77107c1bbdcd6190ee5f349cefed6046417644a9bd7f3502c232771c29889
Instruction Fuzzy Hash: 7A71D671C05288EAEB10DBE9D9457DDBFB8AF55304F1040AEE045A7182DB781B48CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 00434D53 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 187COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00434D58

Part of subcall function 00461060: __EH_prolog.LIBCMT ref: 00461065

Strings

"vY, xrefs: 00434DDE
wAg, xrefs: 00434E37

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog
String ID: "vY$wAg
API String ID: 3519838083-1768716462
Opcode ID: 2dec73764483e5abc5bc0378460c8e1a0de0bdf06f224f8983232b209a30d000
Instruction ID: 2fa68a94fd0d32a5c8376383fa7a0e4f225435e4e624bbceb963ee89a754a304
Opcode Fuzzy Hash: 2dec73764483e5abc5bc0378460c8e1a0de0bdf06f224f8983232b209a30d000
Instruction Fuzzy Hash: 5871AE70C04248EEEF10DFA9D985BDEBBB9EF95304F10409EE045A7252DBB86A44CB65

Uniqueness

Uniqueness Score: -1.00%

Function 005E0BD0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 160COMMON

Download Yara Rule

Strings

crypto\async\async.c, xrefs: 005E0C1E, 005E0C6D, 005E0C92, 005E0CDF, 005E0CF9, 005E0D4D

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID:
String ID: crypto\async\async.c
API String ID: 0-1899283870
Opcode ID: 39b47971c08dc4f6c7a5e15d589044e6103f360b1e8e4be50bd84a01db1e8ca4
Instruction ID: da3c53c4a4a0aebb8a8b2fc7cab16ca0a612ea9429f93283b614a609741fc94c
Opcode Fuzzy Hash: 39b47971c08dc4f6c7a5e15d589044e6103f360b1e8e4be50bd84a01db1e8ca4
Instruction Fuzzy Hash: 66411DB57807067AF63036556C4BF6B7F48BB90B56F240027FA88AC2C3FAD299508571

Uniqueness

Uniqueness Score: -1.00%

Function 00432DF8 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 131COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00432DFD

Part of subcall function 00415489: __EH_prolog.LIBCMT ref: 0041548E
Part of subcall function 00415489: new.LIBCMT ref: 004154A0
Part of subcall function 00415489: new.LIBCMT ref: 004154DE

Part of subcall function 0041EE30: __EH_prolog.LIBCMT ref: 0041EE35

Part of subcall function 0041037A: __EH_prolog.LIBCMT ref: 0041037F

Part of subcall function 00452F81: __EH_prolog.LIBCMT ref: 00452F86
Part of subcall function 00452F81: socket.WS2_32(00000002,00000002,00000000), ref: 00452FB4

Part of subcall function 00416C3E: htons.WS2_32(?), ref: 00416C76
Part of subcall function 00416C3E: htonl.WS2_32(00000000), ref: 00416C8D
Part of subcall function 00416C3E: htonl.WS2_32(00000000), ref: 00416C94

Part of subcall function 00411BC8: std::_Deallocate.LIBCONCRT ref: 00411BF8

Strings

bind, xrefs: 00432EE6
open, xrefs: 00432E81

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog$htonl$Deallocatehtonssocketstd::_
String ID: bind$open
API String ID: 2957969969-2728503700
Opcode ID: 24ee4f620a5cccde8f7c43e641fb2b716fa843550576fd8f63460b4becf80752
Instruction ID: 4ca38705aeddfdfacb98326116f125cd93acbfa0a6ffbd9d5e20148db8a6d732
Opcode Fuzzy Hash: 24ee4f620a5cccde8f7c43e641fb2b716fa843550576fd8f63460b4becf80752
Instruction Fuzzy Hash: AE517E71C0529CEEDB11EBE5D991BEEBBB4AF14304F1080AFE105A7182DA741B88DB65

Uniqueness

Uniqueness Score: -1.00%

Function 004334AB Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 131COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004334B0

Part of subcall function 004333A6: __EH_prolog.LIBCMT ref: 004333AB

Strings

rY, xrefs: 00433581
'rY, xrefs: 004335C9

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog
String ID: rY$'rY
API String ID: 3519838083-1727070709
Opcode ID: 46b618b54424aa12287b3cb71aa652064b017c339009dea8a79aeea476fad357
Instruction ID: 692f344c23351cecb39725d4d3077dfbbdfcf21885d61712d72860f172fa44e3
Opcode Fuzzy Hash: 46b618b54424aa12287b3cb71aa652064b017c339009dea8a79aeea476fad357
Instruction Fuzzy Hash: 674129B5E00219AFCB14CFA9C8449AEBBF5BF8C751F24416EE409E7310DB359A41CB64

Uniqueness

Uniqueness Score: -1.00%

Function 004331C8 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 122COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004331CD

Part of subcall function 004330E8: __EH_prolog.LIBCMT ref: 004330ED

Strings

rY, xrefs: 00433296
'rY, xrefs: 004332CC

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog
String ID: rY$'rY
API String ID: 3519838083-1727070709
Opcode ID: fb37b0818a0e19826a2187efdc4dcf1040dcd67f2b122291d9ba0d5725a1927b
Instruction ID: 0f5e3793816f3bba2d34fd07c16d742ccfd9016c05c8c025a83938d6cef4e951
Opcode Fuzzy Hash: fb37b0818a0e19826a2187efdc4dcf1040dcd67f2b122291d9ba0d5725a1927b
Instruction Fuzzy Hash: 224108B5E022199FCB14CFA9C584AAEBBB4BF4CB11F10419AE905E7350C7359E41CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 005CF600 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 113COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(2D5DBC68,?,00000000,?), ref: 005CF637
__CxxThrowException@8.LIBVCRUNTIME ref: 005CF730

Strings

boost::filesystem::status, xrefs: 005CF6E6

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: ErrorException@8LastThrow
String ID: boost::filesystem::status
API String ID: 1006195485-3746320807
Opcode ID: e42739a45e596990b7cfc16a74c72c3356f572ff7a6c8eda62e78dd9af7f037f
Instruction ID: 02e877792801fd1c8b06ca71dec80e0a00fba2e46346229c47f147163ae3cec5
Opcode Fuzzy Hash: e42739a45e596990b7cfc16a74c72c3356f572ff7a6c8eda62e78dd9af7f037f
Instruction Fuzzy Hash: AB418D719002199FCB24EF98C884BADBFB6FF45314F25813EE819AB261D7749C44CB91

Uniqueness

Uniqueness Score: -1.00%

Function 004165B5 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 109COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004165BA

Strings

d, xrefs: 004165D0
Day of month is not valid for year, xrefs: 00416694

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog
String ID: Day of month is not valid for year$d
API String ID: 3519838083-3980292007
Opcode ID: f0d9c1bc68be35919035e67856b0244b9289362c3dc5eae8e337aafa6987f361
Instruction ID: aa6edb0c93ecd5314a4e0f99c3c8531e0ddc2fcbff495adc8c709a8d16015b63
Opcode Fuzzy Hash: f0d9c1bc68be35919035e67856b0244b9289362c3dc5eae8e337aafa6987f361
Instruction Fuzzy Hash: 8E310872B402159AEB14CF79CD0A7FEB7A69B54314F06812BE504E72C4EA78CD44C2A4

Uniqueness

Uniqueness Score: -1.00%

Function 004B755A Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 102COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004B755F

Part of subcall function 004B4FA0: __EH_prolog.LIBCMT ref: 004B4FA5
Part of subcall function 004B4FA0: new.LIBCMT ref: 004B4FF1

Part of subcall function 004B503A: __EH_prolog.LIBCMT ref: 004B503F
Part of subcall function 004B503A: __CxxThrowException@8.LIBVCRUNTIME ref: 004B50A1

Strings

class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > __thiscall boost::property_tree::string_path<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,struct boost::property_tree::id_transla, xrefs: 004B767C
Path syntax error, xrefs: 004B764E

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog$Exception@8Throw
String ID: Path syntax error$class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > __thiscall boost::property_tree::string_path<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,struct boost::property_tree::id_transla
API String ID: 1007369359-3032971650
Opcode ID: f189be5e101b9328370c96e4b9e25b85855082e6f39bc0c9d5a8a1199a76c993
Instruction ID: 1fe75e96094b70f8ad0054a53985330ea68fc853070fa1b5f7cb6a6fcb7f7e63
Opcode Fuzzy Hash: f189be5e101b9328370c96e4b9e25b85855082e6f39bc0c9d5a8a1199a76c993
Instruction Fuzzy Hash: 42418A71904249EFDB04DFA9C984AEDFBB4FF40304F14412EE405A7292D778AE95CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 005D4080 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 86COMMON

Download Yara Rule

APIs

Part of subcall function 005D4310: ___std_exception_copy.LIBVCRUNTIME ref: 005D4362

new.LIBCMT ref: 005D40E6

Strings

E], xrefs: 005D40CC
LH], xrefs: 005D40B0

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: ___std_exception_copy
String ID: E]$LH]
API String ID: 2659868963-3060650702
Opcode ID: 77b1a5ef5243e7d6a76c58b63ee0674987db0f583cd877e34ef704fe3103e65e
Instruction ID: bd9410c490ee1d573dee63c77907cfe87397a9c892b7ca0e80118e31d218f4e5
Opcode Fuzzy Hash: 77b1a5ef5243e7d6a76c58b63ee0674987db0f583cd877e34ef704fe3103e65e
Instruction Fuzzy Hash: C531CBB0A05309EFDB10DF68D845B59BBB4FF09724F10026EE8188B381E779E955CB96

Uniqueness

Uniqueness Score: -1.00%

Function 004224DD Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 71COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004224E2
std::_Winerror_message.LIBCPMT ref: 0042252A

Part of subcall function 00584505: FormatMessageW.KERNEL32(00001200,00000000,00000008,00000000,?,00000000,00000000,00000000,00000000,00000001,00007FFF,00000000,?,00007FFF,00007FFF,00000000), ref: 00584553
Part of subcall function 00584505: WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00000000,00000000,00000000), ref: 00584572

Part of subcall function 00411BC8: std::_Deallocate.LIBCONCRT ref: 00411BF8

Strings

unknown error, xrefs: 00422539

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: std::_$ByteCharDeallocateFormatH_prologMessageMultiWideWinerror_message
String ID: unknown error
API String ID: 2358782872-3078798498
Opcode ID: 40108e59e6ac02bb2a38e014ec0744ac4b1191511605edb5e6e082be833864ff
Instruction ID: 6108e8fbc585725bae20dc5b15ae57025f41918aac55a4ea7dc56692084daffb
Opcode Fuzzy Hash: 40108e59e6ac02bb2a38e014ec0744ac4b1191511605edb5e6e082be833864ff
Instruction Fuzzy Hash: 5B2159B2D0511DABCB00EF99D8919EEFFB8EF59354F44002EE505B7212D7746A88CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 005CF000 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 69COMMON

Download Yara Rule

APIs

GetFileAttributesExW.KERNEL32(?,00000000,00000001,00000001,00000001,?,?,00000001,00000000,00000001,00000000,00000000,?,?,?), ref: 005CF042
GetLastError.KERNEL32(?,?,boost::filesystem::file_size,?,?), ref: 005CF053

Part of subcall function 005D46A0: __CxxThrowException@8.LIBVCRUNTIME ref: 005D4749

Strings

boost::filesystem::file_size, xrefs: 005CF04C, 005CF080

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: AttributesErrorException@8FileLastThrow
String ID: boost::filesystem::file_size
API String ID: 1873943377-1937220381
Opcode ID: db774dc388341c81d66171dc989d389095fd4218b21e0031342f63a9153e303d
Instruction ID: eabdad901f33c0dc12b289c500b2f4331796d6d1a375e139be6d6f11c64f59c3
Opcode Fuzzy Hash: db774dc388341c81d66171dc989d389095fd4218b21e0031342f63a9153e303d
Instruction Fuzzy Hash: 9E112331A002005FD310AB39DC4AB2B7BD5BF89B30F944B1EF05A961C1D7B4D8008792

Uniqueness

Uniqueness Score: -1.00%

Function 00526860 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 63COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00526865

Strings

%s:%d: error: (%d) %s, xrefs: 005268D8
%s:%d: error: (%d) %s in function %s, xrefs: 005268A3

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog
String ID: %s:%d: error: (%d) %s$%s:%d: error: (%d) %s in function %s
API String ID: 3519838083-3777411579
Opcode ID: 1ab721cc91cfb73d5f889b76702c2d0e0eed41a2f65ad56f97a41821c80a4f43
Instruction ID: 4ccea0192ace5affc3e80e56c8df7a7576fd484cde543b620d4a3d333096873b
Opcode Fuzzy Hash: 1ab721cc91cfb73d5f889b76702c2d0e0eed41a2f65ad56f97a41821c80a4f43
Instruction Fuzzy Hash: FD219F71800719EFEB18DF94D845AAABBF5FF06304F50095DE016575E2E7B2EA84CB90

Uniqueness

Uniqueness Score: -1.00%

Function 004231EA Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 60COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004231EF
__To_byte.LIBCPMT ref: 0042322B

Strings

invalid wchar_t filename argument, xrefs: 00423236

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prologTo_byte
String ID: invalid wchar_t filename argument
API String ID: 2823267341-1601001258
Opcode ID: c0146faeb8b3e4e827e36a0904effebb77cdb405899f9dacd23ba4392d1765c2
Instruction ID: f041f88476bd70d9e55b7f90aabdec7a9fba3aca7393ca4c5040615faeca2fb0
Opcode Fuzzy Hash: c0146faeb8b3e4e827e36a0904effebb77cdb405899f9dacd23ba4392d1765c2
Instruction Fuzzy Hash: B3118EB29042099ECB10EFA9D981AEEFBF8FF48314F10016FE504A7201DB745B84CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 004B607E Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 57COMMON

Download Yara Rule

APIs

_memcmp.LIBVCRUNTIME ref: 004B60FF

Strings

IsString(), xrefs: 004B609D
rhs.IsString(), xrefs: 004B60BF

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: _memcmp
String ID: IsString()$rhs.IsString()
API String ID: 2931989736-3903486248
Opcode ID: 2bbd160786a96e9dabfdba009fb99b1734b9d4c065814c35736bc7994aaa9fe4
Instruction ID: 0f701768cc556a09b3f67f8e49e637bb5103caae27dc64a973d385550b1ac489
Opcode Fuzzy Hash: 2bbd160786a96e9dabfdba009fb99b1734b9d4c065814c35736bc7994aaa9fe4
Instruction Fuzzy Hash: E401F762A0421172AD1036795C828BB738DCBE3B98B01003BF90597742E9AE8C0652BE

Uniqueness

Uniqueness Score: -1.00%

Function 00508954 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 57COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00508959
swprintf.LIBCMT ref: 005089CF

Strings

%02x, xrefs: 005089C1

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prologswprintf
String ID: %02x
API String ID: 723770199-560843007
Opcode ID: e31e01e6f943849ffa86725ead3cabea827d92710ae4f086a1d1ae424f08c144
Instruction ID: 96f198674f4598fe0da5d80f9c493f1924c04696cae716ec7ad006bd1d63d99c
Opcode Fuzzy Hash: e31e01e6f943849ffa86725ead3cabea827d92710ae4f086a1d1ae424f08c144
Instruction Fuzzy Hash: 8511D0B1D04258EBDB00EF99C581AFEFFB4FF04314F14046EE98567282C7B95A4487A2

Uniqueness

Uniqueness Score: -1.00%

Function 00420875 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0042087A
new.LIBCMT ref: 00420897

Strings

2B, xrefs: 004208BB

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog
String ID: 2B
API String ID: 3519838083-2445177625
Opcode ID: c44ce58308eb5a48e53129c11db8eabde19dace27f19670bf82873417d927ecc
Instruction ID: 0ac52ed68039120b99c75f24206eff0401453f0e9003d737ffa1a357b209e6cb
Opcode Fuzzy Hash: c44ce58308eb5a48e53129c11db8eabde19dace27f19670bf82873417d927ecc
Instruction Fuzzy Hash: E41137B1A0160ADFCB14DFA9D5402AAFBF1FF88311F20856ED449E3702E7705A00CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0047E8A8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,0042FC69), ref: 0047E900
GetCurrentProcess.KERNEL32(0000001D,00000000,00000004,?,?,?,?,?,?,?,?,?,?,?,?,0042FC69), ref: 0047E91B

Strings

D, xrefs: 0047E8C9

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: CurrentLibraryLoadProcess
String ID: D
API String ID: 2934848855-2746444292
Opcode ID: 95cb41975cdac49083b128e6f918a75402d003f9cfa742b2c6257d57799dc649
Instruction ID: b655e112bcf193d03bb4447e8dbe0170a1772b2ec2f11f0a8e34b1e5620e1d61
Opcode Fuzzy Hash: 95cb41975cdac49083b128e6f918a75402d003f9cfa742b2c6257d57799dc649
Instruction Fuzzy Hash: 08114872911348AAEB00DBF8ED057EDB7ACEF5D304F10526AEA05E9090E7749684C268

Uniqueness

Uniqueness Score: -1.00%

Function 0040F6F5 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 48memoryCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040F6FA
GetProcessHeap.KERNEL32(007A29C4,?,004F4CBE,?,4s,?,?,004F508D,?,?,00403520), ref: 0040F717

Part of subcall function 0068A19C: __onexit.LIBCMT ref: 0068A1A2

Strings

Tz, xrefs: 0040F792

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prologHeapProcess__onexit
String ID: Tz
API String ID: 3671622277-2318832878
Opcode ID: 28c41b3f64534973e2e7a231395d58ff9ba88769f1ca61debc93bd85e2ca9296
Instruction ID: 839f150a8a5d501b72f51f15b3c6a476b49f3470d528c605fd5a46d2b99ea3e3
Opcode Fuzzy Hash: 28c41b3f64534973e2e7a231395d58ff9ba88769f1ca61debc93bd85e2ca9296
Instruction Fuzzy Hash: FC114F71D06B44DEC750DF68A9456497BA3F78A711B50822EE418CB2A2D77C49548B08

Uniqueness

Uniqueness Score: -1.00%

Function 00426744 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 47COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00426749

Part of subcall function 00426654: __EH_prolog.LIBCMT ref: 00426659

Part of subcall function 00420F37: __EH_prolog.LIBCMT ref: 00420F3C
Part of subcall function 00420F37: std::exception::exception.LIBCONCRT ref: 00420F54

Part of subcall function 00411BC8: std::_Deallocate.LIBCONCRT ref: 00411BF8

Strings

dB, xrefs: 0042677C
"gB, xrefs: 00426798

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog$Deallocatestd::_std::exception::exception
String ID: "gB$dB
API String ID: 153459401-1691998663
Opcode ID: 564496ab3b82ded4e091f0da5a62e7b6eeca70a06788a6df15e99ec190e833c8
Instruction ID: 93782f494ba01e940c8de4254948f93017c889fcedf2d5522df6caf55753ce6c
Opcode Fuzzy Hash: 564496ab3b82ded4e091f0da5a62e7b6eeca70a06788a6df15e99ec190e833c8
Instruction Fuzzy Hash: C611CE7290124DEBDB00EF99C901BDDFFB5EF14324F10814EE5106B292DBB95654DB90

Uniqueness

Uniqueness Score: -1.00%

Function 00532D66 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 47COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00532D6B

Part of subcall function 00526915: __EH_prolog.LIBCMT ref: 0052691A

Part of subcall function 00526747: __EH_prolog.LIBCMT ref: 0052674C

Part of subcall function 00526972: __CxxThrowException@8.LIBVCRUNTIME ref: 00526A67

Strings

cv::OutOfMemoryError, xrefs: 00532D8D
Failed to allocate %lu bytes, xrefs: 00532D9F

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog$Exception@8Throw
String ID: Failed to allocate %lu bytes$cv::OutOfMemoryError
API String ID: 1007369359-255125719
Opcode ID: 06a199d06ec91613aa1f69611cc07f16b3b59c01b79db57447051bd22eb1c95a
Instruction ID: ab5bdab6b197a06c747e07827ce1222954709d7041fbdea029814ad387865ae6
Opcode Fuzzy Hash: 06a199d06ec91613aa1f69611cc07f16b3b59c01b79db57447051bd22eb1c95a
Instruction Fuzzy Hash: BD01F972D12128AADB15E7E8DC0AFDD7BB8AF55310F14419EE210571C2EBB45B48C761

Uniqueness

Uniqueness Score: -1.00%

Function 004B4FA0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004B4FA5

Part of subcall function 004B7A73: __EH_prolog.LIBCMT ref: 004B7A78

Part of subcall function 00420F37: __EH_prolog.LIBCMT ref: 00420F3C
Part of subcall function 00420F37: std::exception::exception.LIBCONCRT ref: 00420F54

Part of subcall function 00411BC8: std::_Deallocate.LIBCONCRT ref: 00411BF8

new.LIBCMT ref: 004B4FF1

Part of subcall function 004B4B4E: __EH_prolog.LIBCMT ref: 004B4B53

Strings

dB, xrefs: 004B4FD3

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog$Deallocatestd::_std::exception::exception
String ID: dB
API String ID: 153459401-2104629891
Opcode ID: af9d3cc1a6085e185555711973224dba09a2e0174bf2ffb6ea272e364e18a918
Instruction ID: 495a43c55d09c925d0ae03b5d4608425af67aeac8f68a042b7901775e42f67cc
Opcode Fuzzy Hash: af9d3cc1a6085e185555711973224dba09a2e0174bf2ffb6ea272e364e18a918
Instruction Fuzzy Hash: C911C271904289EADB11EFA9C506BCDFFF5EF54324F20818EE5506B282C7B94740CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 00526A6D Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00526A72
std::exception::exception.LIBCMT ref: 00526A83

Part of subcall function 0040F323: ___std_exception_copy.LIBVCRUNTIME ref: 0040F341

Strings

%gR, xrefs: 00526A93

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog___std_exception_copystd::exception::exception
String ID: %gR
API String ID: 238416039-1847496865
Opcode ID: e7ec8c1aeff8aea54c0622960873d249bf79ad0e652b139f01fc3f524725f57b
Instruction ID: 6cc51797dc93b3519a544e1ec05f9a053a762e6795f56af9aefd895cec0c021b
Opcode Fuzzy Hash: e7ec8c1aeff8aea54c0622960873d249bf79ad0e652b139f01fc3f524725f57b
Instruction Fuzzy Hash: 93117C71801A48EBC711DBA9C444ADEFBF8FF18314F00426FE55293A91DBB4BA44CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 004B1184 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 45COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004B1189

Part of subcall function 004B4B4E: __EH_prolog.LIBCMT ref: 004B4B53

Part of subcall function 004B4BAA: __EH_prolog.LIBCMT ref: 004B4BAF

Part of subcall function 004B4FA0: __EH_prolog.LIBCMT ref: 004B4FA5
Part of subcall function 004B4FA0: new.LIBCMT ref: 004B4FF1

Part of subcall function 004B503A: __EH_prolog.LIBCMT ref: 004B503F
Part of subcall function 004B503A: __CxxThrowException@8.LIBVCRUNTIME ref: 004B50A1

Strings

class boost::property_tree::basic_ptree<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,struct std::less<class std::basic_string<cha, xrefs: 004B11E7
No such node, xrefs: 004B11B4

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog$Exception@8Throw
String ID: No such node$class boost::property_tree::basic_ptree<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,struct std::less<class std::basic_string<cha
API String ID: 1007369359-3630618227
Opcode ID: b09c959196ce013f82d93875d885f617013b01da6fdb2081dbcde9b183545a41
Instruction ID: 9cc27f8e975c2abf3806b492ea64522396a34f7934f704a0f63302e24a22d674
Opcode Fuzzy Hash: b09c959196ce013f82d93875d885f617013b01da6fdb2081dbcde9b183545a41
Instruction Fuzzy Hash: 4511CE31D012199BCF10EFA8C916BEDBBB4EF04314F10411AE6016B282DBB85B05CBE4

Uniqueness

Uniqueness Score: -1.00%

Function 00576D95 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00576D9A

Part of subcall function 005795C0: __EH_prolog.LIBCMT ref: 005795C5

Part of subcall function 00575BCD: __EH_prolog.LIBCMT ref: 00575BD2

_strlen.LIBCMT ref: 00576DEA

Strings

8nW, xrefs: 00576DCA

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog$_strlen
String ID: 8nW
API String ID: 1490583215-3678990148
Opcode ID: 357ed8cb5a74ebb7a39500f4bd8a14a0f3a12d5baf0720e2e017f28f83e3d700
Instruction ID: 587648060941c9228cce58899d5a74ac498c95b054a415b06a8918cc77285a0e
Opcode Fuzzy Hash: 357ed8cb5a74ebb7a39500f4bd8a14a0f3a12d5baf0720e2e017f28f83e3d700
Instruction Fuzzy Hash: D50124B19006459EDB24DB69A8057AEFFE8EF82320F00876FE46593292D7B81E00D751

Uniqueness

Uniqueness Score: -1.00%

Function 00414F2A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42COMMON

Download Yara Rule

APIs

PostQueuedCompletionStatus.KERNEL32(?,00000000,00000000,00000000), ref: 00414F51
GetLastError.KERNEL32 ref: 00414F5B

Part of subcall function 0041037A: __EH_prolog.LIBCMT ref: 0041037F

Strings

pqcs, xrefs: 00414F76

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: CompletionErrorH_prologLastPostQueuedStatus
String ID: pqcs
API String ID: 1288862127-2559862021
Opcode ID: 62289c2a887ff509f8b4b6feebd40a0b0ec8652ac821b74d8e0d5ea0993a9edb
Instruction ID: 9a0a4618d32c31c4ca22fcb0b4eafbf0e41916f42df2d488f0aae1e67509a8b1
Opcode Fuzzy Hash: 62289c2a887ff509f8b4b6feebd40a0b0ec8652ac821b74d8e0d5ea0993a9edb
Instruction Fuzzy Hash: D8F08171A00128AF9B219B6588009ABBBADEE8075875080AAEC049B211DA74CD4787E5

Uniqueness

Uniqueness Score: -1.00%

Function 00412603 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 41COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00412608

Part of subcall function 0041267E: __EH_prolog.LIBCMT ref: 00412683

Part of subcall function 00410E24: __EH_prolog.LIBCMT ref: 00410E29

Strings

6A, xrefs: 0041265A
06A, xrefs: 00412653

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog
String ID: 6A$06A
API String ID: 3519838083-223357171
Opcode ID: f4c3e68e4bc28e1f1f5753c539ab613bd7e891ffd08312e5e4756ce1d1509342
Instruction ID: f4364291f978b96d95e8ab4b4c58549ffb775d8411f43ab9772b0b80358d3521
Opcode Fuzzy Hash: f4c3e68e4bc28e1f1f5753c539ab613bd7e891ffd08312e5e4756ce1d1509342
Instruction Fuzzy Hash: 2A01D4B6501608EAC714DF5CDA006EABFFAFB86B50F10865EE4558B641DBB46A08CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00588B1B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00588B22
new.LIBCMT ref: 00588B39

Strings

TxX, xrefs: 00588B62

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog3
String ID: TxX
API String ID: 431132790-379745606
Opcode ID: 689e7e254db3aca9115e9afcdb08b51b46fb092e3c1139756f01da526606b326
Instruction ID: e932cd90f65f572652c57038d0fb4547ca75f9f84a4485dbbce2738842243cbf
Opcode Fuzzy Hash: 689e7e254db3aca9115e9afcdb08b51b46fb092e3c1139756f01da526606b326
Instruction Fuzzy Hash: 0601D6B1900712CBDB20FF94D45676E7BA1FF40761FA5062EE8517B181CFB469008790

Uniqueness

Uniqueness Score: -1.00%

Function 00588B8F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00588B96
new.LIBCMT ref: 00588BAD

Strings

vxX, xrefs: 00588BD6

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog3
String ID: vxX
API String ID: 431132790-762046408
Opcode ID: 3639303eccabd03e77228c65733224ab5f6944a02a68d5981ec817b850938b68
Instruction ID: 304df3ac81e099f7acae7f8c403a4c5f923bf45c6520c41da2ae06778c3ceb5d
Opcode Fuzzy Hash: 3639303eccabd03e77228c65733224ab5f6944a02a68d5981ec817b850938b68
Instruction Fuzzy Hash: A201A2B1900312CBDB24FF94D4567AE7BA1FF50716FA1051EA8827B181CFB459418784

Uniqueness

Uniqueness Score: -1.00%

Function 0041ED61 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0041ED66
new.LIBCMT ref: 0041ED7C

Strings

0A, xrefs: 0041ED9D

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog
String ID: 0A
API String ID: 3519838083-187954893
Opcode ID: 081576209a9c57e4d9c2b992600b254f77e2010209fbc48a5611ec0d19550154
Instruction ID: 1205f1b611dd8bb5a84b9eeda5d22fa35e1725b24406dc39a0c12df70a1429ab
Opcode Fuzzy Hash: 081576209a9c57e4d9c2b992600b254f77e2010209fbc48a5611ec0d19550154
Instruction Fuzzy Hash: B1017CB290234AEEC764DFA9854169AFFF5FF15310F10867EE09993641D3B05A00CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00412A6E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 40COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00412A73
new.LIBCMT ref: 00412A86

Strings

63A, xrefs: 00412AA7

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog
String ID: 63A
API String ID: 3519838083-706171910
Opcode ID: cf93a89df8cc1614a4b55885b72047a4b4a4e31fe59863db90c130c1885feb11
Instruction ID: 4d3f0011076075110644a449004c8b57a75cd4cfa51f76ef3dbae39df9de59a1
Opcode Fuzzy Hash: cf93a89df8cc1614a4b55885b72047a4b4a4e31fe59863db90c130c1885feb11
Instruction Fuzzy Hash: 3E019AB1901348EEC720DF99C50579AFFE6FB81321F20826EE484A7281C3B41A00DBA5

Uniqueness

Uniqueness Score: -1.00%

Function 004F4C91 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 39COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004F4C96

Part of subcall function 0040F6F5: __EH_prolog.LIBCMT ref: 0040F6FA
Part of subcall function 0040F6F5: GetProcessHeap.KERNEL32(007A29C4,?,004F4CBE,?,4s,?,?,004F508D,?,?,00403520), ref: 0040F717

Strings

MO, xrefs: 004F4CA4
4s, xrefs: 004F4C9D, 004F4C9F

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog$HeapProcess
String ID: MO$4s
API String ID: 2845616704-1959134711
Opcode ID: e77d5ff1307ee3a604e189cca595570f67578b3cbff8e24ed796561535490fbd
Instruction ID: dbdc0edb21ee75685d1cf78b0f74f817e5f646d255c02b152c54bcf46313bc55
Opcode Fuzzy Hash: e77d5ff1307ee3a604e189cca595570f67578b3cbff8e24ed796561535490fbd
Instruction Fuzzy Hash: 2601B1B29222158AC354CF5DA80195BB7A4FFD6B10F00C22EE014B3272D77829028B9D

Uniqueness

Uniqueness Score: -1.00%

Function 00412F5C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 38COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00412F61

Strings

a0A, xrefs: 00412FA1
5A, xrefs: 00412FB1

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog
String ID: a0A$5A
API String ID: 3519838083-3613670376
Opcode ID: e8c153ac05fb0abf176b655d90569e05d8d2991294badc8d9fe4da1b69cf7429
Instruction ID: 74fbbeb34ab73e4fc6f72e5c78d6e4a9b63b2581873420e1e30d010f3b3e697a
Opcode Fuzzy Hash: e8c153ac05fb0abf176b655d90569e05d8d2991294badc8d9fe4da1b69cf7429
Instruction Fuzzy Hash: 2F014CB1900708DFD724CF98C5487AABBF1FB08359F10865DE49A9B641C3B4DA44CF94

Uniqueness

Uniqueness Score: -1.00%

Function 005883FB Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00588402
new.LIBCMT ref: 00588419

Strings

KwX, xrefs: 0058843D

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog3
String ID: KwX
API String ID: 431132790-2252377540
Opcode ID: ede9df5162d71e286ecfbcee49a640fa95dacd51ba9ddae7882270e4a1c7c7af
Instruction ID: 2493293fc68edf8307d0f6882377ad95a2fd7bbabcc855ca5ef941653a5c689f
Opcode Fuzzy Hash: ede9df5162d71e286ecfbcee49a640fa95dacd51ba9ddae7882270e4a1c7c7af
Instruction Fuzzy Hash: DFF08C32901222CADB20FFD5D5523ADBBA1FF10724FA0461EA8817B292DFF45A448780

Uniqueness

Uniqueness Score: -1.00%

Function 00588463 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 0058846A
new.LIBCMT ref: 00588481

Strings

KwX, xrefs: 005884A5

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog3
String ID: KwX
API String ID: 431132790-2252377540
Opcode ID: 0791c912d909bb114e1fc37814755f164039cbc673efee8b620f17e34ce54b71
Instruction ID: 667f10d9b446ec22971da5ba9572065dd1043dcca169df38ce8f0b4ec7abdaa0
Opcode Fuzzy Hash: 0791c912d909bb114e1fc37814755f164039cbc673efee8b620f17e34ce54b71
Instruction Fuzzy Hash: 75F0AF32A013238BDB20FFD4D4523ADBBA6FF10714FA5451EA8957B292DFB45E008780

Uniqueness

Uniqueness Score: -1.00%

Function 005884CB Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 005884D2
new.LIBCMT ref: 005884E9

Strings

KwX, xrefs: 0058850D

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog3
String ID: KwX
API String ID: 431132790-2252377540
Opcode ID: 27cafbe3003fd9ef3693e5490932cf150365ba621ba338f915197c2013b59262
Instruction ID: b27de10d5e233e54874d2d67d3efa33dc70fb71aa3dea89690f2bc477da2d9ae
Opcode Fuzzy Hash: 27cafbe3003fd9ef3693e5490932cf150365ba621ba338f915197c2013b59262
Instruction Fuzzy Hash: 56F0AF71900322DBDB21FF94D5523BDBBA2FF14710FA1021EA89177281EFB46E418780

Uniqueness

Uniqueness Score: -1.00%

Function 00588533 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 0058853A
new.LIBCMT ref: 00588551

Strings

KwX, xrefs: 00588575

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog3
String ID: KwX
API String ID: 431132790-2252377540
Opcode ID: d9f7f8fc42195fcb97ead386d520b8639126ec59907194741c59b0d2c95ab83e
Instruction ID: 8f8e434a96acb005543f2bde57bd38342d4406e2b9b2254bc0bb5f341ac7eaf0
Opcode Fuzzy Hash: d9f7f8fc42195fcb97ead386d520b8639126ec59907194741c59b0d2c95ab83e
Instruction Fuzzy Hash: 58F0A4719403229BDB20FF94D4523ADBBA1FF14710FA5451EA96577181CFB45E008BC0

Uniqueness

Uniqueness Score: -1.00%

Function 005887AD Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 005887B4
new.LIBCMT ref: 005887CB

Strings

KwX, xrefs: 005887EF

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog3
String ID: KwX
API String ID: 431132790-2252377540
Opcode ID: 883ea40c1275f337d1831aa4d9c1cc4527090da2f621a27c6291ef1684baea80
Instruction ID: c816c453889baebd798c0d188bad85b73d6c1bd697daecc73854785cdaa06c26
Opcode Fuzzy Hash: 883ea40c1275f337d1831aa4d9c1cc4527090da2f621a27c6291ef1684baea80
Instruction Fuzzy Hash: 7EF0AF719003228BDB20FF98D4427ADBBA2FF10710FE1462EA991B7182DFB45A01CB84

Uniqueness

Uniqueness Score: -1.00%

Function 0058887D Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00588884
new.LIBCMT ref: 0058889B

Strings

KwX, xrefs: 005888BF

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog3
String ID: KwX
API String ID: 431132790-2252377540
Opcode ID: e9791b097cc67749a9b465ac70b91a6e0426e73bf03f71ec33f41e39acb71b29
Instruction ID: 0399cbfa33d010b7fa9ab10653fb90f1a1e68c0f3e970e513ef3794a6c2c296b
Opcode Fuzzy Hash: e9791b097cc67749a9b465ac70b91a6e0426e73bf03f71ec33f41e39acb71b29
Instruction Fuzzy Hash: 81F081719002228AD760BF95D4413BEBBA2FF10750FE0491EA95177286DFB45E018B84

Uniqueness

Uniqueness Score: -1.00%

Function 00588815 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 0058881C
new.LIBCMT ref: 00588833

Strings

KwX, xrefs: 00588857

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog3
String ID: KwX
API String ID: 431132790-2252377540
Opcode ID: 64160bb4d50af1475aa6a7de3b00bafc445e8310aafd977cf05b74791a2d0748
Instruction ID: 18ce4793a3133c9ad5439b04be71690b705f7afeb36922af80ec8387b6386aa7
Opcode Fuzzy Hash: 64160bb4d50af1475aa6a7de3b00bafc445e8310aafd977cf05b74791a2d0748
Instruction Fuzzy Hash: CFF08C719406228ADB60FFD4D4463ADBBA1FF10B10FE10A2EA88077181DFB49E408B84

Uniqueness

Uniqueness Score: -1.00%

Function 005888E5 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 005888EC
new.LIBCMT ref: 00588903

Strings

KwX, xrefs: 00588927

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog3
String ID: KwX
API String ID: 431132790-2252377540
Opcode ID: 94acb57d2e8265ba5300e8613ee23ce3d3dafb0f6759aa8159e3a367d3a19198
Instruction ID: 496049f06e3927affc9548a1e932807af7bdfce1de313a27f7a8782c85837d8b
Opcode Fuzzy Hash: 94acb57d2e8265ba5300e8613ee23ce3d3dafb0f6759aa8159e3a367d3a19198
Instruction Fuzzy Hash: 1AF0AF729413228BDB60FF94D4423BDBBA2FF14B64FA1022EE98477281CFB45A40C785

Uniqueness

Uniqueness Score: -1.00%

Function 00582EF6 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00582EFD
Concurrency::critical_section::critical_section.LIBCONCRT ref: 00582F32

Strings

~/X, xrefs: 00582F29

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: Concurrency::critical_section::critical_sectionH_prolog3
String ID: ~/X
API String ID: 221928310-3598876131
Opcode ID: 01dc7ca36c9af132488cd6549aaafe1517b30a06729ffdfcfab98c78d5166254
Instruction ID: 4a58cd136fa69847c5614ee1920342e576b9da8fa92b96101e1748f9aea83a6d
Opcode Fuzzy Hash: 01dc7ca36c9af132488cd6549aaafe1517b30a06729ffdfcfab98c78d5166254
Instruction Fuzzy Hash: E5F03C702121019BEB18FF51C89BA393FB2BF40309F58441DEE06EA641DB74D841DB05

Uniqueness

Uniqueness Score: -1.00%

Function 0041D78C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 33COMMON

Download Yara Rule

APIs

std::exception::exception.LIBCMT ref: 0041D7B0

Part of subcall function 0040F323: ___std_exception_copy.LIBVCRUNTIME ref: 0040F341

__ExceptionPtrCopy.LIBCPMT ref: 0041D7C7

Part of subcall function 00582D26: _Reset.LIBCPMT ref: 00582D3A

Strings

)@A, xrefs: 0041D7BF

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: CopyExceptionReset___std_exception_copystd::exception::exception
String ID: )@A
API String ID: 3160724110-964663934
Opcode ID: ceda06db20240489a6e48e70e704e601f8805f04c5b151a16a6aede31ed5b633
Instruction ID: 8f391f37537dd4bc763ec2c55056d101bb4af1d0d2a25f2f44feb554a4e6689d
Opcode Fuzzy Hash: ceda06db20240489a6e48e70e704e601f8805f04c5b151a16a6aede31ed5b633
Instruction Fuzzy Hash: 13F01D72515649ABC714DF49D802BAAFBACEB45730F10422FE82193A80DBB969008B95

Uniqueness

Uniqueness Score: -1.00%

Function 00582572 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00582579
__ExceptionPtr::__ExceptionPtr.LIBCMT ref: 005825C1

Part of subcall function 005826A0: EncodePointer.KERNEL32(?,?,?,00000001,?,005825C6,?), ref: 00582750

Strings

m+X, xrefs: 00582598

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: Exception$EncodeH_prolog3PointerPtr::__
String ID: m+X
API String ID: 4003105897-2895029710
Opcode ID: 9392fe750c38a4d8bfbc62396106ad4d130a47cbc6f6cb885b36cf1f9f01c99e
Instruction ID: f12b37a3ac4dd88ebc41c038999ec7c113d9cd0f1659cfeced54df5a5d6e3699
Opcode Fuzzy Hash: 9392fe750c38a4d8bfbc62396106ad4d130a47cbc6f6cb885b36cf1f9f01c99e
Instruction Fuzzy Hash: 9EF09071A407459FDB10EF998841B9EFFF5BF84714F10442EF554AB291CBB09A048BA1

Uniqueness

Uniqueness Score: -1.00%

Function 004265F7 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 32COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004265FC

Part of subcall function 00411BC8: std::_Deallocate.LIBCONCRT ref: 00411BF8

Part of subcall function 0040F3FA: ___std_exception_destroy.LIBVCRUNTIME ref: 0040F424

Strings

dB, xrefs: 00426633
"gB, xrefs: 00426609

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: DeallocateH_prolog___std_exception_destroystd::_
String ID: "gB$dB
API String ID: 517235596-1691998663
Opcode ID: bb3e06b57799232816ccef2c5fdaa742e73ea8f9bd7c36b58c4c54553227e9a0
Instruction ID: 4f396e299dbe407b87e936b6af92340d2bd918b4bac787491b714b9d5a8935da
Opcode Fuzzy Hash: bb3e06b57799232816ccef2c5fdaa742e73ea8f9bd7c36b58c4c54553227e9a0
Instruction Fuzzy Hash: D3F0CD71900244AAC724EF598801BAEBBF8EF81730F20425EE166A31C2CBB82A018755

Uniqueness

Uniqueness Score: -1.00%

Function 00410769 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30memoryCOMMON

Download Yara Rule

APIs

TlsAlloc.KERNEL32 ref: 00410770
GetLastError.KERNEL32 ref: 0041077F

Part of subcall function 0041037A: __EH_prolog.LIBCMT ref: 0041037F

Strings

tss, xrefs: 0041079A

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: AllocErrorH_prologLast
String ID: tss
API String ID: 249634027-1638339373
Opcode ID: 37c532ff2c1216f657573317fc955fae18d32346f171784d35b4c882b7803e8d
Instruction ID: 7767345e25553655080e048a62f20e34ffe8b35e099c56ff0bf57211427a5901
Opcode Fuzzy Hash: 37c532ff2c1216f657573317fc955fae18d32346f171784d35b4c882b7803e8d
Instruction Fuzzy Hash: 92E02B30F00218ABC71077B968C409EBBE9DAC8234710427BE81597392DAB8498B4B95

Uniqueness

Uniqueness Score: -1.00%

Function 006AB711 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 30timeCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32(00000000,0069C82B), ref: 006AB750

Strings

GetSystemTimePreciseAsFileTime, xrefs: 006AB72C
0A, xrefs: 006AB746

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: Time$FileSystem
String ID: 0A$GetSystemTimePreciseAsFileTime
API String ID: 2086374402-4002876861
Opcode ID: c7450b068648ba0887448b02ff3065442876bb8c914277648ff6f67ea5d52877
Instruction ID: 6d70eb9f46a9a64f14569db712dbd6e4f01f7c13f313c566dfc3d22a430fdfe1
Opcode Fuzzy Hash: c7450b068648ba0887448b02ff3065442876bb8c914277648ff6f67ea5d52877
Instruction Fuzzy Hash: 9FE0E571B41318A79710BF649D06D7EBB93DB49B11B404169F8096B281DFB08E109BCA

Uniqueness

Uniqueness Score: -1.00%

Function 0041280A Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 28COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0041280F

Part of subcall function 0041267E: __EH_prolog.LIBCMT ref: 00412683

Part of subcall function 004103BF: __EH_prolog.LIBCMT ref: 004103C4

Strings

6A, xrefs: 0041284E
06A, xrefs: 00412847

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog
String ID: 6A$06A
API String ID: 3519838083-223357171
Opcode ID: 7b6c715e5130c8721710a9e487e975662c75c4ea1790463ee8de8202fc14d362
Instruction ID: eca12a43316dbb3a31cd2df608725b8f5681017cfb1e8438f01c40cfb5baac28
Opcode Fuzzy Hash: 7b6c715e5130c8721710a9e487e975662c75c4ea1790463ee8de8202fc14d362
Instruction Fuzzy Hash: 1AF06DB1401209EBC704EF99D6056EDFFB6FF52354F10425EE1149B691CBB55A24CB90

Uniqueness

Uniqueness Score: -1.00%

Function 005788C9 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 28COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 005788CE

Part of subcall function 00579730: __EH_prolog.LIBCMT ref: 00579735

_strlen.LIBCMT ref: 005788F0

Strings

Portable image format (*.pbm;*.pgm;*.ppm;*.pxm;*.pnm), xrefs: 005788E4, 005788E9, 005788F7

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog$_strlen
String ID: Portable image format (*.pbm;*.pgm;*.ppm;*.pxm;*.pnm)
API String ID: 1490583215-1029613475
Opcode ID: 7f59cfd11c5b1878f04be798f3854440fd099ba751878aa7759f6258b1149d7f
Instruction ID: 80bb32cce355ac01261c6b69d11c3c2255739fbf66f3e5c7b8534e45542ca4f9
Opcode Fuzzy Hash: 7f59cfd11c5b1878f04be798f3854440fd099ba751878aa7759f6258b1149d7f
Instruction Fuzzy Hash: 6BF0A0729106449ADB24AF58D9067AEBBFCEF91721F10066FF42593692CBB42D0096A0

Uniqueness

Uniqueness Score: -1.00%

Function 00578E52 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 28COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00578E57

Part of subcall function 00579730: __EH_prolog.LIBCMT ref: 00579735

_strlen.LIBCMT ref: 00578E79

Strings

TIFF Files (*.tiff;*.tif), xrefs: 00578E6D, 00578E72, 00578E80

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog$_strlen
String ID: TIFF Files (*.tiff;*.tif)
API String ID: 1490583215-969518115
Opcode ID: 8df1b13dad2ce4141dbfeeef4821556b308b2975ae9338baf09e7e9635f98005
Instruction ID: a0667cf50f8be4ec036636b3a3dd9cc6271612a5837f91897a9604bb1794b09c
Opcode Fuzzy Hash: 8df1b13dad2ce4141dbfeeef4821556b308b2975ae9338baf09e7e9635f98005
Instruction Fuzzy Hash: 83F020729205449AD724AF5CD8067AEFBBCEF91720F10026FF011A3682C7B42D0092A0

Uniqueness

Uniqueness Score: -1.00%

Function 00582526 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 0058252D
__ExceptionPtr::__ExceptionPtr.LIBCMT ref: 00582563

Part of subcall function 005826A0: EncodePointer.KERNEL32(?,?,?,00000001,?,005825C6,?), ref: 00582750

Strings

m+X, xrefs: 00582547

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: Exception$EncodeH_prolog3PointerPtr::__
String ID: m+X
API String ID: 4003105897-2895029710
Opcode ID: 913da3cebc69cc95631334cc77f5ad99483d006c37bc7e4efa03e1888d330ccb
Instruction ID: 8df42ccd2d3fdfc9fd85804b76f056dd488c732d34ba028371c2f0bb644040cc
Opcode Fuzzy Hash: 913da3cebc69cc95631334cc77f5ad99483d006c37bc7e4efa03e1888d330ccb
Instruction Fuzzy Hash: BCF08570A112169FCB50EFA8C0006AEBFF1BF09300F10846EB899EB201DB709A04CB92

Uniqueness

Uniqueness Score: -1.00%

Function 00410C7D Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00410C82
CreateEventA.KERNEL32(00000000,?,?,00000000), ref: 00410C94

Part of subcall function 00410B2A: __EH_prolog.LIBCMT ref: 00410B2F

Part of subcall function 004123F5: __CxxThrowException@8.LIBVCRUNTIME ref: 0041240F

Strings

boost::thread_resource_error, xrefs: 00410C9E

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog$CreateEventException@8Throw
String ID: boost::thread_resource_error
API String ID: 198059956-52533987
Opcode ID: 1a164ffb7d7992499a21f89b34fc0440501e870148e75efce5f3466bc3cc7b47
Instruction ID: 49e4c0660a23dcb75cd5f3498cc31a18c8345470ec49bbbe7571606633aa47d7
Opcode Fuzzy Hash: 1a164ffb7d7992499a21f89b34fc0440501e870148e75efce5f3466bc3cc7b47
Instruction Fuzzy Hash: BFF0A0B198420CEBDB10EFE0DD05BDE7B71FB14705F004159F904AA280DBB94A84DB81

Uniqueness

Uniqueness Score: -1.00%

Function 00596BC4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 0040F608: InitializeCriticalSectionEx.KERNEL32(0079E760,00000000,00000000,0079E74C,00596BF3,?,?,?,0040F21C), ref: 0040F60E
Part of subcall function 0040F608: GetLastError.KERNEL32(?,?,?,0040F21C), ref: 0040F618

IsDebuggerPresent.KERNEL32(?,?,?,0040F21C), ref: 00596BF7
OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0040F21C), ref: 00596C06

Strings

ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00596C01

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: CriticalDebugDebuggerErrorInitializeLastOutputPresentSectionString
String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
API String ID: 3511171328-631824599
Opcode ID: 88da9bc2f899907a1d6627ffafd0da83b39259829df6f6793debda9842619c1e
Instruction ID: d4c036fcae37f4084c567cba2579976e98d4a324b05579e4f57c4f6623958f28
Opcode Fuzzy Hash: 88da9bc2f899907a1d6627ffafd0da83b39259829df6f6793debda9842619c1e
Instruction Fuzzy Hash: 16E06D702017818FDB709F25E5087827FE5AB14349F01892DF885D7651EBB5D988CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0041236F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00412374

Part of subcall function 00412559: __EH_prolog.LIBCMT ref: 0041255E

Part of subcall function 004103BF: __EH_prolog.LIBCMT ref: 004103C4

__CxxThrowException@8.LIBVCRUNTIME ref: 004123C2

Part of subcall function 0068E3DE: RaiseException.KERNEL32(?,00582150,P!X,?,?,0078FB6C,?,?,?,?,?,00582150,?,00783398,?), ref: 0068E43D

Strings

86A, xrefs: 004123AE

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog$ExceptionException@8RaiseThrow
String ID: 86A
API String ID: 1193697898-1576963401
Opcode ID: f6fefb93a8016f4d5820b687e0725b4b40c18e82d00a83300a8d939c596b7758
Instruction ID: 0b62c954ae02e6c1c718dab4881d14592e3510e7da179f93061bc6e4a504c101
Opcode Fuzzy Hash: f6fefb93a8016f4d5820b687e0725b4b40c18e82d00a83300a8d939c596b7758
Instruction Fuzzy Hash: 91F01CB180528CEADB04EBE5C64E6CCBFB5AB10318F204168D0517B186C7B90B88C75A

Uniqueness

Uniqueness Score: -1.00%

Function 0041CA48 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0041CA4D

Part of subcall function 0041D8B4: std::exception::exception.LIBCMT ref: 0041D8D6

Part of subcall function 004103BF: __EH_prolog.LIBCMT ref: 004103C4

__CxxThrowException@8.LIBVCRUNTIME ref: 0041CA9B

Part of subcall function 0068E3DE: RaiseException.KERNEL32(?,00582150,P!X,?,?,0078FB6C,?,?,?,?,?,00582150,?,00783398,?), ref: 0068E43D

Strings

bA, xrefs: 0041CA79

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog$ExceptionException@8RaiseThrowstd::exception::exception
String ID: bA
API String ID: 1371192639-897489536
Opcode ID: 2716bbbf81c842bf1b27c6300b8ecd3f3c6e2e1163b5b2925c245b324a45f4df
Instruction ID: 1702613bc4d7873dff79c591d96cd102a775604c8e5d15698f88d781f926d443
Opcode Fuzzy Hash: 2716bbbf81c842bf1b27c6300b8ecd3f3c6e2e1163b5b2925c245b324a45f4df
Instruction Fuzzy Hash: 00F01CB1C1425CEADF04FBA9D94AADCBBB4AF14318F14426CE06176192C7B91648CB69

Uniqueness

Uniqueness Score: -1.00%

Function 0041CAFA Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0041CAFF

Part of subcall function 004103BF: __EH_prolog.LIBCMT ref: 004103C4

__CxxThrowException@8.LIBVCRUNTIME ref: 0041CB4D

Part of subcall function 0068E3DE: RaiseException.KERNEL32(?,00582150,P!X,?,?,0078FB6C,?,?,?,?,?,00582150,?,00783398,?), ref: 0068E43D

Strings

JA, xrefs: 0041CB2B

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog$ExceptionException@8RaiseThrow
String ID: JA
API String ID: 1193697898-3301965381
Opcode ID: 8bd85736b7c2cea6e92f45583433b4f34073cc927cf1b11944b1a8d4cd02a7cb
Instruction ID: 5228f20f21dc8152200ef69f30287661c6e84751c9a023f01c5366d53ad0930e
Opcode Fuzzy Hash: 8bd85736b7c2cea6e92f45583433b4f34073cc927cf1b11944b1a8d4cd02a7cb
Instruction Fuzzy Hash: 5EF0F8B2C1825CEBDF04EBA5C94A6DDBFB5AB14308F108268E05176182CBB90648CB69

Uniqueness

Uniqueness Score: -1.00%

Function 0041CC56 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0041CC5B

Part of subcall function 0040F569: std::exception::exception.LIBCMT ref: 0040F58B

Part of subcall function 004103BF: __EH_prolog.LIBCMT ref: 004103C4

__CxxThrowException@8.LIBVCRUNTIME ref: 0041CCA9

Part of subcall function 0068E3DE: RaiseException.KERNEL32(?,00582150,P!X,?,?,0078FB6C,?,?,?,?,?,00582150,?,00783398,?), ref: 0068E43D

Strings

KA, xrefs: 0041CC87

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog$ExceptionException@8RaiseThrowstd::exception::exception
String ID: KA
API String ID: 1371192639-4189050869
Opcode ID: 4c1ea2af7b9039861cb6726c3c3c17fcbc05b0211f7b0f8da518d32bef9fb658
Instruction ID: 48157b314adcb158eb4ecfb938529cea034f0d970046aa0e08d466c5143675d8
Opcode Fuzzy Hash: 4c1ea2af7b9039861cb6726c3c3c17fcbc05b0211f7b0f8da518d32bef9fb658
Instruction Fuzzy Hash: 0FF0F8B1C1425CEADF14EFA5D94AACCBAB0AB14308F14426DE06176193C7B94648CB29

Uniqueness

Uniqueness Score: -1.00%

Function 0041CD08 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0041CD0D

Part of subcall function 004103BF: __EH_prolog.LIBCMT ref: 004103C4

__CxxThrowException@8.LIBVCRUNTIME ref: 0041CD5B

Part of subcall function 0068E3DE: RaiseException.KERNEL32(?,00582150,P!X,?,?,0078FB6C,?,?,?,?,?,00582150,?,00783398,?), ref: 0068E43D

Strings

3A, xrefs: 0041CD39

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog$ExceptionException@8RaiseThrow
String ID: 3A
API String ID: 1193697898-806190331
Opcode ID: 752e4bddf0348bb06a045d0cc595b55efbe3f8ae2b409c3dea51c142d1a9049a
Instruction ID: afcf0afa1086773f7d4efeaeebe32466338ed74be56a30067d14ed461a87e8a8
Opcode Fuzzy Hash: 752e4bddf0348bb06a045d0cc595b55efbe3f8ae2b409c3dea51c142d1a9049a
Instruction Fuzzy Hash: 0DF01CB1C1420CEBDF04EBA5DD4A6CCBEB5BF14318F10426CE06176192D7B9464CCB69

Uniqueness

Uniqueness Score: -1.00%

Function 0041D648 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0041D64D

Part of subcall function 004103BF: __EH_prolog.LIBCMT ref: 004103C4

__CxxThrowException@8.LIBVCRUNTIME ref: 0041D69B

Part of subcall function 0068E3DE: RaiseException.KERNEL32(?,00582150,P!X,?,?,0078FB6C,?,?,?,?,?,00582150,?,00783398,?), ref: 0068E43D

Strings

RA, xrefs: 0041D679

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog$ExceptionException@8RaiseThrow
String ID: RA
API String ID: 1193697898-2489262598
Opcode ID: ed25e96609f27017d1fbef0252baa919f2359df7f3a56548066db5bc896ddfdd
Instruction ID: f7f83b3d672e2e3ea372a55306b04b1c76932bacc795154e1acbce626890db18
Opcode Fuzzy Hash: ed25e96609f27017d1fbef0252baa919f2359df7f3a56548066db5bc896ddfdd
Instruction Fuzzy Hash: 31F01CB1C1425CEBDF04FFA5C94AADCBEB4AB24318F14426CE4517B192C7B90A48CB29

Uniqueness

Uniqueness Score: -1.00%

Function 004260D1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 20COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004260D6
std::exception::exception.LIBCONCRT ref: 004260E7

Part of subcall function 0040F2EC: ___std_exception_copy.LIBVCRUNTIME ref: 0040F313

Strings

call to empty boost::function, xrefs: 004260DF

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: H_prolog___std_exception_copystd::exception::exception
String ID: call to empty boost::function
API String ID: 238416039-3939084148
Opcode ID: b07cba072a029add528fb8cbd24f0446675fe96943eb8b5c453dc6219cff55b2
Instruction ID: 31dc3c1c376e461c466c09fd2016a5224f36de06e2c6f883abf66d0ff9b0a87f
Opcode Fuzzy Hash: b07cba072a029add528fb8cbd24f0446675fe96943eb8b5c453dc6219cff55b2
Instruction Fuzzy Hash: A9E0DFB0D51219EBE7249F88C8063DDBBF9EB04320F1002AEE490A32C2C3F91B018BC4

Uniqueness

Uniqueness Score: -1.00%

Function 0040A2E4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 0040A2EB

Part of subcall function 0068A19C: __onexit.LIBCMT ref: 0068A1A2

Strings

1.38, xrefs: 0040A2F3
1.38, xrefs: 0040A2E5, 0040A2F2

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: __onexit_strlen
String ID: 1.38$1.38
API String ID: 4000879885-3497077264
Opcode ID: f2691ee7c58ee39118237f8b00f540ccf792c6c4174974a2a792e13a2f547b09
Instruction ID: ddb6bf3122922fbe502811115ade512f7d7a5d7aa7b7724a637a58d77962b036
Opcode Fuzzy Hash: f2691ee7c58ee39118237f8b00f540ccf792c6c4174974a2a792e13a2f547b09
Instruction Fuzzy Hash: 0AC04C5299A5202D39493255380BDEE424F8D96320F16117FF540656D25D892D8155FE

Uniqueness

Uniqueness Score: -1.00%

Function 004022AB Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 004022B2

Part of subcall function 0068A19C: __onexit.LIBCMT ref: 0068A1A2

Strings

1.38, xrefs: 004022BA
1.38, xrefs: 004022AC, 004022B1, 004022B9

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: __onexit_strlen
String ID: 1.38$1.38
API String ID: 4000879885-3497077264
Opcode ID: 26c978780c75564582692b50e13a396d5c810437428a86158ead1fa56979b9f5
Instruction ID: 5077432d5b53f128c306b847c1f12a9bec3d7b103ef96dfda9e75c436612fc35
Opcode Fuzzy Hash: 26c978780c75564582692b50e13a396d5c810437428a86158ead1fa56979b9f5
Instruction Fuzzy Hash: 7FC04C22A9A62029394972653C07DEA025E8D56720B16147FF940E55D25C992D8142FE

Uniqueness

Uniqueness Score: -1.00%

Function 00408733 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 0040873A

Part of subcall function 0068A19C: __onexit.LIBCMT ref: 0068A1A2

Strings

1.38, xrefs: 00408742
1.38, xrefs: 00408734, 00408739, 00408741

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: __onexit_strlen
String ID: 1.38$1.38
API String ID: 4000879885-3497077264
Opcode ID: c8407f097d4b4996ff136f2c3ea385626dd877c3f54e7aaafc1c7f43f63b1551
Instruction ID: 077a2de6e530767f8f8a5263a5e530a8d9f8b299f56ac8d3a85c5ecfd48a5b9a
Opcode Fuzzy Hash: c8407f097d4b4996ff136f2c3ea385626dd877c3f54e7aaafc1c7f43f63b1551
Instruction Fuzzy Hash: 67C04C2259A6306D3D4933A5794BDEA024E8D57324B16107FF541A55D25C893C8151FE

Uniqueness

Uniqueness Score: -1.00%

Function 0040497B Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 00404982

Part of subcall function 0068A19C: __onexit.LIBCMT ref: 0068A1A2

Strings

1.38, xrefs: 0040498A
1.38, xrefs: 0040497C, 00404981, 00404989

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: __onexit_strlen
String ID: 1.38$1.38
API String ID: 4000879885-3497077264
Opcode ID: b2d2211aa2eb173cf53635da8df5da82761455f1f9a3c894d05d18441a8e798b
Instruction ID: ce8c6b9130df83ab8c0afd1af596a027e8b0888e437793a1298583a6eb38ad6b
Opcode Fuzzy Hash: b2d2211aa2eb173cf53635da8df5da82761455f1f9a3c894d05d18441a8e798b
Instruction Fuzzy Hash: BCC04C1259A5202D398932953C17DEF024E8D57320B16206FBA40695D25C892D8141FF

Uniqueness

Uniqueness Score: -1.00%

Function 00402B76 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 00402B7D

Part of subcall function 0068A19C: __onexit.LIBCMT ref: 0068A1A2

Strings

1.38, xrefs: 00402B85
1.38, xrefs: 00402B77, 00402B7C, 00402B84

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: __onexit_strlen
String ID: 1.38$1.38
API String ID: 4000879885-3497077264
Opcode ID: aae45fff1cfec1ad8b86594c938f9c4d624e26556faed596edbb6332c6f3f83b
Instruction ID: 4f5c75626164dbfafd80348b99963ab7a9d84dd1f5d8ec61549205f2f7f59819
Opcode Fuzzy Hash: aae45fff1cfec1ad8b86594c938f9c4d624e26556faed596edbb6332c6f3f83b
Instruction Fuzzy Hash: 11C04C5299E5202D394932657817DEE124E8D57320B16117FFA40655D35C892D8182FE

Uniqueness

Uniqueness Score: -1.00%

Function 0040CB1C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 0040CB23

Part of subcall function 0068A19C: __onexit.LIBCMT ref: 0068A1A2

Strings

1.38, xrefs: 0040CB2B
1.38, xrefs: 0040CB1D, 0040CB22, 0040CB2A

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: __onexit_strlen
String ID: 1.38$1.38
API String ID: 4000879885-3497077264
Opcode ID: a219d6abba44a0c877b2e698ac9b0b90e113d49de145b7f6210ef60f60c7d53a
Instruction ID: 531aef82cc003a45f3d6309ecc600574b307fd2a97c03e21a80bdfbb73218b3a
Opcode Fuzzy Hash: a219d6abba44a0c877b2e698ac9b0b90e113d49de145b7f6210ef60f60c7d53a
Instruction Fuzzy Hash: 10C04C6259E5202D3D4933953907DEA028E8D57330B16107FF641655D25D883D8141FE

Uniqueness

Uniqueness Score: -1.00%

Function 0040ABAF Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 0040ABB6

Part of subcall function 0068A19C: __onexit.LIBCMT ref: 0068A1A2

Strings

1.38, xrefs: 0040ABBE
1.38, xrefs: 0040ABB0, 0040ABB5, 0040ABBD

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: __onexit_strlen
String ID: 1.38$1.38
API String ID: 4000879885-3497077264
Opcode ID: a327130f60b70a038e6bd4de18ef329e430df2eed01d8d5916acc96f7d540698
Instruction ID: fd8eaf1fce6ce899814d2ce77275db4dd5cac19f9901057d6998bcb7c5abf39e
Opcode Fuzzy Hash: a327130f60b70a038e6bd4de18ef329e430df2eed01d8d5916acc96f7d540698
Instruction Fuzzy Hash: 59C04C529DA5202D394933A53807DEE025E8D96320B16106FB540655D25D992C8181FE

Uniqueness

Uniqueness Score: -1.00%

Function 00408FFE Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 00409005

Part of subcall function 0068A19C: __onexit.LIBCMT ref: 0068A1A2

Strings

1.38, xrefs: 00408FFF, 00409004, 0040900C
1.38, xrefs: 0040900D

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: __onexit_strlen
String ID: 1.38$1.38
API String ID: 4000879885-3497077264
Opcode ID: ed5df22c5770f1f7052bba06b713cbd042dd309d674880aba281835f2c03e1c6
Instruction ID: fff324d0faf7d8b0d14dcd6155d2c71b54e2705f0ba7604b252d380fc4553fc4
Opcode Fuzzy Hash: ed5df22c5770f1f7052bba06b713cbd042dd309d674880aba281835f2c03e1c6
Instruction Fuzzy Hash: F8C04C125AE5206D394932653D07DEA024E8D56720B16106FF545655D65C893C8141FE

Uniqueness

Uniqueness Score: -1.00%

Function 0040526D Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 00405274

Part of subcall function 0068A19C: __onexit.LIBCMT ref: 0068A1A2

Strings

1.38, xrefs: 0040527C
1.38, xrefs: 0040526E, 00405273, 0040527B

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: __onexit_strlen
String ID: 1.38$1.38
API String ID: 4000879885-3497077264
Opcode ID: 2b722d22888fccaf6d67b09def4e3245dab8fb5d0f5d73363e7aeef3bfcd70c2
Instruction ID: e266af1bf60833dd135b2964f202bcab8b80facd9f0f7c2e15cfabd8b8876539
Opcode Fuzzy Hash: 2b722d22888fccaf6d67b09def4e3245dab8fb5d0f5d73363e7aeef3bfcd70c2
Instruction Fuzzy Hash: C2C04C12D9A5202D394933A9380BDEA024E9D57360B16106FF540A55D25C892D8142FE

Uniqueness

Uniqueness Score: -1.00%

Function 0040D3E7 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 0040D3EE

Part of subcall function 0068A19C: __onexit.LIBCMT ref: 0068A1A2

Strings

1.38, xrefs: 0040D3E8, 0040D3ED, 0040D3F5
1.38, xrefs: 0040D3F6

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: __onexit_strlen
String ID: 1.38$1.38
API String ID: 4000879885-3497077264
Opcode ID: 6e47198b3b15e4d11b8637fa656fc39514c672150d9eacd72aab78a0802c5ead
Instruction ID: 8d93459c49d6af7b25c8a4b4c202fd9f8707758037e8c628de551d446fba8bf7
Opcode Fuzzy Hash: 6e47198b3b15e4d11b8637fa656fc39514c672150d9eacd72aab78a0802c5ead
Instruction Fuzzy Hash: 59C04C125AA5212D3D4933A53807DEA024E8D97320B26107FB641A59D25C882D8141FF

Uniqueness

Uniqueness Score: -1.00%

Function 0040B47A Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 0040B481

Part of subcall function 0068A19C: __onexit.LIBCMT ref: 0068A1A2

Strings

1.38, xrefs: 0040B489
1.38, xrefs: 0040B47B, 0040B488

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: __onexit_strlen
String ID: 1.38$1.38
API String ID: 4000879885-3497077264
Opcode ID: ed0bf9d93cf3c5cc9887b99ceec143c03be6e51b922294ff018082971735484b
Instruction ID: 5b22846f854b49fb38c1f477b0dd8c63ec913540427ac75266d689f0d58e517d
Opcode Fuzzy Hash: ed0bf9d93cf3c5cc9887b99ceec143c03be6e51b922294ff018082971735484b
Instruction Fuzzy Hash: 1CC04C1299A5206D395933653817DEE024E8D96320B16107FF541A69D35D992C8141FE

Uniqueness

Uniqueness Score: -1.00%

Function 004034E9 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 004034F0

Part of subcall function 0068A19C: __onexit.LIBCMT ref: 0068A1A2

Strings

1.38, xrefs: 004034F8
1.38, xrefs: 004034EA, 004034EF, 004034F7

Memory Dump Source

Source File: 00000001.00000002.555783700.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.557640561.00000000007A9000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_mzQcZawXvh.jbxd

Yara matches

Similarity

API ID: __onexit_strlen
String ID: 1.38$1.38
API String ID: 4000879885-3497077264
Opcode ID: 20e54348b26474a6a9e32087afe74f8c67c28a4a3957b4d219c9ebec82fd8813
Instruction ID: b1944bd9225a8aa413123696bc0613764c06176728732efb393501e9ef0666f4
Opcode Fuzzy Hash: 20e54348b26474a6a9e32087afe74f8c67c28a4a3957b4d219c9ebec82fd8813
Instruction Fuzzy Hash: 7CC04C1259A5206D394932553807DEA024E8D97320B16107FF6406A5D25C892C9142FE

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, Access tokens, Authentication logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report mzQcZawXvh.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: BitRat

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Imports

Version Infos

Network Behavior

Snort IDS Alerts

Network Port Distribution

Windows Analysis Report
mzQcZawXvh.exe

Function 00409FD0 Relevance: 180.7, APIs: 86, Strings: 17, Instructions: 447
threadtimeCOMMON

Function 0040A039 Relevance: 170.2, APIs: 80, Strings: 17, Instructions: 417
librarythreadtimeCOMMON

Function 0040B3A5 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 89
COMMON

Function 0040B707 Relevance: 19.5, APIs: 5, Strings: 6, Instructions: 252
COMMON

Function 00411520 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 326
COMMON

Function 0040BA7E Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 62
COMMON

Function 00409C70 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36
librarymemoryCOMMON

Function 0040B66F Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 37
COMMON

Function 022FB7C6 Relevance: 1.5, APIs: 1, Instructions: 41
COMMON

Function 004101E0 Relevance: 1.5, APIs: 1, Instructions: 8
COMMONLIBRARYCODE

Function 0040B310 Relevance: 1.5, APIs: 1, Instructions: 5
COMMON

Function 022FB485 Relevance: 1.3, APIs: 1, Instructions: 48
memoryCOMMON

Function 00409D30 Relevance: 1.3, APIs: 1, Instructions: 6
memoryCOMMON

Function 00409D50 Relevance: 64.9, APIs: 31, Strings: 6, Instructions: 177
pipefilememoryCOMMON

Function 00409990 Relevance: 22.6, APIs: 15, Instructions: 126
timefileCOMMON

Function 00416CA0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 59
COMMONLIBRARYCODE

Function 00411C80 Relevance: 1.5, APIs: 1, Instructions: 8
COMMON

Function 0041732E Relevance: 96.7, APIs: 32, Strings: 23, Instructions: 431
COMMON

Function 00421FF9 Relevance: 35.4, APIs: 15, Strings: 5, Instructions: 368
COMMON

Function 0042389B Relevance: 33.6, APIs: 15, Strings: 4, Instructions: 365
COMMON

Function 00409B30 Relevance: 33.3, APIs: 14, Strings: 5, Instructions: 75
timepipethreadCOMMON

Function 0041DB63 Relevance: 33.3, APIs: 22, Instructions: 296
COMMON

Function 00421D57 Relevance: 28.2, APIs: 11, Strings: 5, Instructions: 241
COMMON

Function 00413277 Relevance: 28.1, APIs: 6, Strings: 10, Instructions: 100
windowCOMMON

Function 004235FA Relevance: 26.5, APIs: 11, Strings: 4, Instructions: 238
COMMON

Function 00421BA5 Relevance: 24.7, APIs: 9, Strings: 5, Instructions: 225
COMMON

Function 00423424 Relevance: 23.0, APIs: 9, Strings: 4, Instructions: 222
COMMON

Function 0041E154 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 115
COMMON

Function 0041C5BC Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 112
COMMON

Function 0040D6F7 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 81
COMMON